Amanda-Users

Re: Anyone using Kerberos in 2.5.2 and having trouble with performance due to encryption?

2007-08-21 10:42:40
Subject: Re: Anyone using Kerberos in 2.5.2 and having trouble with performance due to encryption?
From: Jean-Louis Martineau <martineau AT zmanda DOT com>
To: Klas Heggemann <klas AT csc.kth DOT se>
Date: Tue, 21 Aug 2007 10:22:26 -0400
Klas,

Try amanda-2.5.3alpha-kencrypt.tar.gz from http://www.zmanda.com/community-builds.php
It adds support for the DLE kencrypt option with krb5.

I don't know how to change the encryption method.

Jean-Louis

Klas Heggemann wrote:

On 20 Aug 2007, at 19:13, Jean-Louis Martineau wrote:

Klas Heggemann wrote:
Hi!

We are in transition from Amanda 2.4.2 to 2.5.2. We seem to have a working build and configuration. We've also switched from Solaris 9 to 10, and newer hardware.

However, with 2.5.2 encryption is no longer an option when using Kerberos 5 authentication. The backup server seems to have problems with the backup of nearly 200 filesystems on 80 hosts.

With 2.5.2, krb5 must encrypt nothing or encrypt everything; it is set at compile time with AMANDA_KRB5_ENCRYPT, and it must be the same for all clients and the server.

Yes, we are aware of that. Since Kerberos encryption seems very slow (about 2 or 3 times slower backups than with ssh), we will not be able to use encryption for all filesystems.

If we stick to Amanda, we need to find a solution. What I have in mind is two different backup sets, one for encrypted and one for non-encrypted transfers. Perhaps this could be an amanda.conf option, so you could use the same binary. The client, unfortunately, needs to listen on different ports.

We will do some tests with this approach and report back.

Another solution could be to use another encryption method. I guess 3DES is used, but I do not know where the encryption method is chosen. Anyone who knows? Perhaps AES is faster?


Jean-Louis


/klas