Re: Can a rsync server use MySQL for authentication

2008-03-13 Thread Daniel Maher
On Wed, 12 Mar 2008 17:58:53 -0800 Robert Fargher [EMAIL PROTECTED]
wrote:

> What I'd like to know is if I can do the same thing with rsync?
> Specifically, can I run rsync as a daemon that permits secure
> connections and encrypted transfers from remote users using the same
> MySQL database for authentication that I'm already using for ftp?

Sounds like a job for PAM.

http://www.google.com/search?q=linux+PAM

:)


-- 
Daniel Maher dma AT witbe.net


-- 
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

Re: Can a rsync server use MySQL for authentication

2008-03-13 Thread Robert Fargher
On Thursday 13 March 2008 02:58:43 Daniel Maher wrote:
> On Wed, 12 Mar 2008 17:58:53 -0800 Robert Fargher [EMAIL PROTECTED]
> wrote:
> > What I'd like to know is if I can do the same thing with rsync?
> > Specifically, can I run rsync as a daemon that permits secure
> > connections and encrypted transfers from remote users using the same
> > MySQL database for authentication that I'm already using for ftp?
>
> Sounds like a job for PAM.
>
> http://www.google.com/search?q=linux+PAM
>
> :)

No, specifically not.  We are already using MySQL to authenticate secure
FTP, using ProFTPD. What I'd like to do is to use the *same* MySQL
database/tables to authenticate secure rsync.  If rsync can't do it, that's
fine, I just won't offer rsync as a service.

PAM, as I understand it, requires a user account on the system.  This is
specifically what we don't want.  All remote ftp/rsync user info is to be
completely contained within the MySQL database.

--
Cheers,
Rob


Re: Can a rsync server use MySQL for authentication

2008-03-13 Thread Daniel Maher
On Thu, 13 Mar 2008 04:23:15 -0800 Robert Fargher [EMAIL PROTECTED]
wrote:

 
> > Sounds like a job for PAM.
> >
> > http://www.google.com/search?q=linux+PAM
> >
> > :)
>
> No, specifically not.  We are already using MySQL to authenticate
> secure FTP, using ProFTPD. What I'd like to do is to use the *same*
> MySQL database/tables to authenticate secure rsync.  If rsync can't
> do it, that's fine, I just won't offer rsync as a service.
>
> PAM, as I understand it, requires a user account on the system.
> This is specifically what we don't want.  All remote ftp/rsync user
> info is to be completely contained within the MySQL database.

Actually, PAM /doesn't/ require user accounts on the system. From the
PAM docs:

Q1: What exactly is PAM?
Basically, it is a flexible mechanism for authenticating users.
...
PAM provides a way to develop programs that are independent of
authentication scheme.

In my environment, for example, when a user logs into a machine via
SSH, PAM sends the request off to our Kerberos server (which handles
the authentication challenge, of course), which if successful, then
queries an LDAP server for the user's profile information.  There are
absolutely no user entries in /etc/passwd at all.

I suppose that you're using a ProFTPd-specific manner of interacting
with MySQL.  This is, of course, completely valid - but you end up
locking yourself into a solution which is clearly not as extensible as
you'd like.

Instead, you may wish to consider housing your generic authentication
data in a MySQL backend which PAM challenges at a system level.  In
this way, any application or service which wants to verify a user can
simply query the system and obtain a result - be it ProFTPd, Rsync, or
something else entirely.  By abstracting the authentication mechanism,
you no longer have to worry about whether your particular application
supports your desired backend.



-- 
Daniel Maher dma AT witbe.net
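
The arrangement described in the message above, as an added example that is not part of the original thread: a PAM service definition that checks passwords against a MySQL table through the pam_mysql module. It assumes pam_mysql is installed; the service name, database, table, column and account names are hypothetical.

```conf
# /etc/pam.d/virtual-mysql   ("virtual-mysql" is a hypothetical service name)
# Assumed, constructed schema: database "ftpauth", table "users",
# columns "userid" and "passwd"; "pam_ro" is a hypothetical DB account.
#
# crypt=1 compares against crypt(3) hashes; crypt=0 would compare plaintext
# passwords. The value has to match how the existing table stores them.
auth     required  pam_mysql.so host=localhost db=ftpauth \
                   user=pam_ro passwd=CHANGE_ME \
                   table=users usercolumn=userid passwdcolumn=passwd crypt=1
account  required  pam_mysql.so host=localhost db=ftpauth \
                   user=pam_ro passwd=CHANGE_ME \
                   table=users usercolumn=userid passwdcolumn=passwd crypt=1

# This file carries a database credential: do not leave it world-readable,
# and grant pam_ro nothing beyond SELECT on the users table.
# PAM answers only "is this user/password valid?"; uid and home-directory
# lookups are a separate question, like the LDAP profile query described above.
```

A daemon uses this definition only if it is itself a PAM client and is pointed at this service name.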



Re: Can a rsync server use MySQL for authentication

2008-03-13 Thread Robert Fargher
On Thursday 13 March 2008 06:51:57 Daniel Maher wrote:

> PAM provides a way to develop programs that are independent of
> authentication scheme.

  Thank you for all that, you make some very good points and I learned more 
about the capabilities of PAM.  I've presented the relevant info to the 
client and we'll see how he wishes to proceed.

--
Cheers,
Rob Fargher

