Re: [Networker] auth error after upgrade to 7.4.2

Legato will try to use the strongest authentication method possible, then
step down if it can't. It's warning you that it can't use strong
authentication, but that doesn't mean the backup will fail. Usually strong
authentication breaks when:

1) Forward and reverse DNS don't match
2) time is not synchronized
3) Either side cannot find a form of good randomness from the OS
(/dev/random, /dev/urandom) etc...
4) One side running a different version.

----
Matthew Huff       | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com  | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139



> -----Original Message-----
> From: Teresa Biehler [mailto:tpbsys AT rit DOT edu]
> Sent: Wednesday, February 25, 2009 1:36 PM
> To: EMC NetWorker discussion; Matthew Huff
> Subject: RE: [Networker] auth error after upgrade to 7.4.2
>
> Ok - all this makes sense.  Here's my question - it LOOKS like
> everything is working even though we are getting these errors in the
> logs.  Backups are completing successfully.  Restores are completing
> successfully.  So, what is the error really telling me?
>
> Thanks.
> Teresa
>
> -----Original Message-----
> From: EMC NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU]
> On
> Behalf Of Matthew Huff
> Sent: Wednesday, February 25, 2009 1:29 PM
> To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
> Subject: Re: [Networker] auth error after upgrade to 7.4.2
>
> I'll hazard a guess that they added the strong authentication not for
> backups, rather for restores. Being able to restore a file could easily
> be used to assist in breaking into a machine/network. I assume that if
> stronger authentication is needed for restores, it would be rendered
> less useful if you can't trust the same method for it to be used for
> backups. For example, if I can impersonate a machine and have the
> /etc/shadow file backed up, and then restore it to a production server
> then I can break into it.
>
> Some of these vulnerabilities they have fixed from 7.2 to 7.4 are based
> on actual security incidents. None of this is an excuse for poor
> implementation, documentation, support, or diagnostics.
>
> ----
> Matthew Huff       | One Manhattanville Rd
> OTA Management LLC | Purchase, NY 10577
> http://www.ox.com  | Phone: 914-460-4039
> aim: matthewbhuff  | Fax:   914-460-4139
>
>
>
> > -----Original Message-----
> > From: EMC NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU]
> > On Behalf Of Goslin, Paul
> > Sent: Wednesday, February 25, 2009 1:17 PM
> > To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
> > Subject: Re: [Networker] auth error after upgrade to 7.4.2
> >
> > Davina, Please excuse my ignorance ... WHY IS IT NECESSARY ?
> >
> > I understand why antivirus is needed, like a vaccination is needed to
> > keep things healthy and keep malicious software from infecting your
> > machine.
> >
> > Exactly how is questioning something you don't comprehend being naive
> ?
> >
> > I've been using/running Networker for about 10 years... Long before
> it
> > did any type of 'authentication' to the best of my knowledge ...
> > Since it's been introduced, I have only had problems with it... And
> no
> > one has pointed out the benefits or why it should be required to
> backup
> > a client machine... If you go to all the effort of installing
> Networker
> > client package on the client, specifying the server (or servers)
> > allowed
> > to back it up, and then configure it on the server to be backed up,
> > please explain in detail how the extra step of Authenticating the
> > client
> > before backing it up is a benefit ?
> > Where is the value added in this extra step ?
> > I would be amazed to see someone trying to have a machine masquerade
> as
> > an existing client in order to get their data backed up for whatever
> > reason.... Who would go to such effort ? Unless you have actually
> > attempted or seen this ?
> >
> >
> > > -----Original Message-----
> > > From: Davina Treiber [mailto:Davina.Treiber AT PeeVRo.co DOT uk]
> > > Sent: Wednesday, February 25, 2009 12:59 PM
> > > To: EMC NetWorker discussion; Goslin, Paul
> > > Subject: Re: [Networker] auth error after upgrade to 7.4.2
> > >
> > > Goslin, Paul wrote:
> > >   (I fail to
> > > > understand why Networker needs to authenticate a client in the
> > first
> > > > place?)
> > >
> > > That's a rather naive comment. Of course it is necessary to
> > > authenticate.
> > >
> > > It's a bit like saying that you fail to understand why it is
> > > necessary to run anti-virus on a Windows system.
> > >
> >
> > To sign off this list, send email to listserv AT listserv.temple DOT edu and
> > type "signoff networker" in the body of the email. Please write to
> > networker-request AT listserv.temple DOT edu if you have any problems with
> > this list. You can access the archives at
> > http://listserv.temple.edu/archives/networker.html or
> > via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
>
> To sign off this list, send email to listserv AT listserv.temple DOT edu and
> type "signoff networker" in the body of the email. Please write to
> networker-request AT listserv.temple DOT edu if you have any problems with
> this
> list. You can access the archives at
> http://listserv.temple.edu/archives/networker.html or
> via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the body of the email. Please write to 
networker-request AT listserv.temple DOT edu if you have any problems with this 
list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER