Re: The question about krb5 encryption
2007-09-21 04:56:30
Thank you for answering my question.
>krb5keytab and krb5principal are global parameter, they are not >dumptype parameter. I deleted krb5keytab and krb5principal from dumptype.
When I executed amcheck in the kerberos environment, the following messages were
output. ----- amcheck-clients: could not find security driver 'krb5' for host 'rh5cli.amandatest.net' -----
The ticket can be obtained from the backup client for the backup server.
I read the amanda-wiki (http://wiki.zmanda.com/index.php/Kerberos_authentication#Destination_Host_Permissions_file
) but I don't solve the problem.
I changed "--with-krb5-security" from "/usr/kerberos" to "/usr/lib64".
Would you please tell me where the problem to be or where to be confirmed.
>If you want to use ssh or krb5, I strongly suggest to upgrade to 2.5.2p1. Why do you suggest to upgrade to 2.5.2p1 strongly ?
Thanks in advance.
07/09/20 に
Jean-Louis Martineau <martineau AT zmanda DOT com> さんは書きました:
krb5keytab and krb5principal are global parameter, they are not dumptype parameter.
If you want to use ssh or krb5, I strongly suggest to upgrade to 2.5.2p1.
Jean-Louis
Takashi Kurakata wrote: > Hi all,
> > I am using amanda that the bundle is being done by RHEL5 now. > The version of amanda is 2.5.0p2-4. > > I want to construct amanda with the krb5 encryption between the backup > server and the backup
> client. > > When the "amcheck -c" command was executed, the following error > messages were output. > ---- > "/etc/amanda/DailySet1/amanda.conf", line xxx: dump type parameter
> expected > "/etc/amanda/DailySet1/amanda.conf", line xxx: end of line expected > ---- > > The dumptype is as follow: > ---- > define dumptype kerberos { > comment "Kerberos dump"
> auth "krb5" > krb5keytab "xxx" > krb5principal "xxx" > global > program "GNUTAR" > } > ---- > The parameter of "krb5keytab" and "krb5principal" is recognized the
> error message of not being. > > The result of "amadmin xx version" is as follow: > ---- > build: VERSION="Amanda-2.5.0p2" > BUILT_DATE="Fri Sep 7 21:54:02 JST 2007"
> BUILT_MACH="Linux rh5srv 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:14 EST > 2007 x86_64 x86_64 x86_64 GNU/Linux" > CC="gcc" > CONFIGURE_COMMAND="'./configure' '--build=x86_64-redhat-linux-gnu'
> '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' > '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' > '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
> '--datadir=/usr/share' '--includedir=/usr/include' > '--libdir=/usr/lib64' '--libexecdir=/usr/lib64/amanda' > '--localstatedir=/var/lib' '--sharedstatedir=/usr/com'
> '--mandir=/usr/share/man' '--infodir=/usr/share/info' > '--enable-shared' '--disable-static' '--disable-dependency-tracking' > '--with-index-server=amandahost' '--with-tape-server=amandahost'
> '--with-config=DailySet1' > '--with-gnutar-listdir=/var/lib/amanda/gnutar-lists' &#! > 39;--with-smbclient=/usr/bin/smbclient' > '--with-dumperdir=/usr/lib64/amanda/dumperdir' '--with-amandahosts'
> '--with-user=amanda' '--with-group=disk' > '--with-tmpdir=/var/log/amanda' '--with-gnutar=/bin/tar' > '--with-ssh-security' '--with-krb5-security=/usr/kerberos'"
> paths: bindir="/usr/bin" sbindir="/usr/sbin" > libexecdir="/usr/lib64/amanda" mandir="/usr/share/man" > AMANDA_TMPDIR="/var/log/amanda" > AMANDA_DBGDIR="/var/log/amanda" CONFIG_DIR="/etc/amanda"
> DEV_PREFIX="/dev/" RDEV_PREFIX="/dev/" DUMP="/sbin/dump" > RESTORE="/sbin/restore" VDUMP=UNDEF VRESTORE=UNDEF > XFSDUMP=UNDEF XFSRESTORE=UNDEF VXDUMP=UNDEF VXRESTORE=UNDEF
> SAMBA_CLIENT="/usr/bin/smbclient" GNUTAR="/bin/tar" > COMPRESS_PATH="/bin/gzip" UNCOMPRESS_PATH="/bin/gzip" > LPRCMD="/usr/bin/lpr" MAILER="/usr/bin/Mail"
> listed_incr_dir="/var/lib/amanda/gnutar-lists" > defs: DEFAULT_SERVER="amandahost" DEFAULT_CONFIG="DailySet1" > DEFAULT_TAPE_SERVER="amandahost" > DEFAULT_TAPE_DEVICE="null:" HAVE_MMAP HAVE_SYSVSHM
> LOCKING=POSIX_FCNTL SETPGRP_VOID DEBUG_CODE > AMANDA_DEBUG_DAYS=4 BSD_SECURITY RSH_SECURITY USE_AMANDAHOSTS > CLIENT_LOGIN="amanda" FORCE_USERID HAVE_GZIP > COMPRESS_SUFFIX=".gz" COMPRESS_FAST_OPT="--fast"
> COMPRESS_BEST_OPT="--best" UNCOMPRESS_OPT="-dc" > ---- > > And We read the amanda.org <http://amanda.org> Page(
> http://www.amanda.org/docs/kerberos.html#id353699),but > <http://www.amanda.org/docs/kerberos.html#id353699%29,but
> We didn't > solve the problem. > > Would you please answer follow question? > > 1) Can the krb5 encryption be constructed with amanda that the bundle > is done with RHEL5?
> > 2) How should I do to construct the krb5 encryption with amanda that > the bundle is done > with RHEL5? > > Your prompt reply would be greatly appreciated. > > Thanks in advance.
|
|
|