Re: Anyone using Kerberos in 2.5.2 and having trouble with performance due to encryption?
2007-08-21 10:42:40
Klas,
Try amanda-2.5.3alpha-kencrypt.tar.gz from
http://www.zmanda.com/community-builds.php
It adds support for the DLE kencrypt option with krb5.
I don't know how to change the encryption method.
Jean-Louis
Klas Heggemann wrote:
On 20 Aug 2007, at 19:13, Jean-Louis Martineau wrote:
Klas Heggemann wrote:
Hi!
We are in transition from amanda 2.4.2 to 2.5.2. We seem to have a working
build and configuration. We've also switched from Solaris 9 to 10, and newer
hardware.
However, with 2.5.2 encryption is no longer an option, when using
Kerberos 5 authentication.
The backup server seems to have problems with the backup of nearly
200 filesystems on 80 hosts.
With 2.5.2, krb5 must encrypt nothing or encrypt everything, it is
set at compile time with AMANDA_KRB5_ENCRYPT,
it must be the same for all clients and server.
Yes, we are aware of that. Since Kerberos encryption seems very slow
(about 2 or 3 times slower backups than with ssh), we will not be able
to use encryption for all filesystems.
If we stick to Amanda, we need to find a solution. What I have in mind is
two different backup sets, one for encryption and one for non-encrypted
transfers. Perhaps this could be an amanda.conf option, so you could use
the same binary. The client, unfortunately, needs to listen on different ports.
We will do some tests with this approach and report back.
Another solution could be to use another encryption method. I guess
3DES is used, but I do not know where the encryption method is chosen.
Anyone who knows? Perhaps AES is faster?
Jean-Louis
/klas