[OpenAFS] amanda-afs, authentication, and permissions

Shane Warner shane.warner@gmail.com
Tue, 2 Nov 2010 14:20:02 -0700


--20cf300faf4be0f7430494187caa
Content-Type: text/plain; charset=ISO-8859-1

If you're using the gtar wrapper you could just append the -localauth option
to the vos commands in the perl script. I don't remember if this is the
default behavior or if we added it to ours, but ours never requires any
authentication using this method.

On Tue, Nov 2, 2010 at 2:07 PM, Lewis, Dave <LEWIS@nki.rfmh.org> wrote:

> Hi,
>
> We would like to back up our OpenAFS cell using the latest version of
> AMANDA. I got amanda-afs from the amanda wiki and a patch for compiling
> it from
>
> http://www.mail-archive.com/openafs-info@openafs.org/msg17714.html
>
> I'm not sure how to handle authentication and permissions. Since we're
> using Kerberos 5 for OpenAFS authentication, I figured that I should use
> the "krb5" authentication type in amanda. I can't get that working.
> Before I ask an amanda user group I wanted to double-check and ask you
> guys:
>
> 1. Do I really need the "krb5" authentication for AFS backups with
> amanda?
>
> 2. How would the amanda backup user (amandabackup) have permissions to
> read all of the files to back them up?
>
> Server and clients: CentOS 5
> OpenAFS 1.4.10 and Kerberos 5 authentication
>
> Thanks,
> Dave
>
>
> Conserve resources. Print only when necessary.
>
> IMPORTANT NOTICE:  This e-mail is meant only for the use of the intended
> recipient.  It may contain confidential information which is legally
> privileged or otherwise protected by law.  If you received this e-mail in
> error or from someone who was not authorized to send it to you, you are
> strictly prohibited from reviewing, using, disseminating, distributing or
> copying the e-mail.  PLEASE NOTIFY US IMMEDIATELY OF THE ERROR BY RETURN
> E-MAIL AND DELETE THIS MESSAGE FROM YOUR SYSTEM.  Thank you for your
> cooperation.
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>

--20cf300faf4be0f7430494187caa
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

If you&#39;re using the gtar wrapper you could just append the -localauth o=
ption to the vos commands in the perl script. I don&#39;t remember if this =
is the default behavior or if we added it to ours, but ours never requires =
any authentication using this method.<br>
<br><div class=3D"gmail_quote">On Tue, Nov 2, 2010 at 2:07 PM, Lewis, Dave =
<span dir=3D"ltr">&lt;<a href=3D"mailto:LEWIS@nki.rfmh.org">LEWIS@nki.rfmh.=
org</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"mar=
gin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-=
left: 1ex;">
Hi,<br>
<br>
We would like to back up our OpenAFS cell using the latest version of<br>
AMANDA. I got amanda-afs from the amanda wiki and a patch for compiling<br>
it from<br>
<br>
<a href=3D"http://www.mail-archive.com/openafs-info@openafs.org/msg17714.ht=
ml" target=3D"_blank">http://www.mail-archive.com/openafs-info@openafs.org/=
msg17714.html</a><br>
<br>
I&#39;m not sure how to handle authentication and permissions. Since we&#39=
;re<br>
using Kerberos 5 for OpenAFS authentication, I figured that I should use<br=
>
the &quot;krb5&quot; authentication type in amanda. I can&#39;t get that wo=
rking.<br>
Before I ask an amanda user group I wanted to double-check and ask you<br>
guys:<br>
<br>
1. Do I really need the &quot;krb5&quot; authentication for AFS backups wit=
h<br>
amanda?<br>
<br>
2. How would the amanda backup user (amandabackup) have permissions to<br>
read all of the files to back them up?<br>
<br>
Server and clients: CentOS 5<br>
OpenAFS 1.4.10 and Kerberos 5 authentication<br>
<br>
Thanks,<br>
Dave<br>
<br>
<br>
Conserve resources. Print only when necessary.<br>
<br>
IMPORTANT NOTICE: =A0This e-mail is meant only for the use of the intended =
recipient. =A0It may contain confidential information which is legally priv=
ileged or otherwise protected by law. =A0If you received this e-mail in err=
or or from someone who was not authorized to send it to you, you are strict=
ly prohibited from reviewing, using, disseminating, distributing or copying=
 the e-mail. =A0PLEASE NOTIFY US IMMEDIATELY OF THE ERROR BY RETURN E-MAIL =
AND DELETE THIS MESSAGE FROM YOUR SYSTEM. =A0Thank you for your cooperation=
.<br>

_______________________________________________<br>
OpenAFS-info mailing list<br>
<a href=3D"mailto:OpenAFS-info@openafs.org">OpenAFS-info@openafs.org</a><br=
>
<a href=3D"https://lists.openafs.org/mailman/listinfo/openafs-info" target=
=3D"_blank">https://lists.openafs.org/mailman/listinfo/openafs-info</a><br>
</blockquote></div><br>

--20cf300faf4be0f7430494187caa--