The amanda24 branch (but not yet in any release) now has working
support for Kerberos 4 authentication of dump requests and encryption
of dump streams.
Note that in addition to encrypting the data stream, it is important
to ensure that only authorized dump servers can cause clients to send
backup data.
I have thought about setting up IPsec, and I think if one fixed the
ports used by amanda that would be fairly easy to do in the SPD.
NetBSD and racoon didn't support (at the time) dynamic SA generation
from per-socket policy, which is how I first thought of doing this.
--
Greg Troxel <[EMAIL PROTECTED]>
