[6255] in Kerberos
Re: batch/cron jobs vi rsh
daemon@ATHENA.MIT.EDU (Sam Hartman)
Sat Nov 18 12:12:51 1995
To: murrell@bctel.net (Brian Murrell)
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "16 Nov 1995 14:28:19 PST."
<48gdu3$ihl@mocha.bctel.net>
Date: Sat, 18 Nov 1995 11:57:30 EST
From: Sam Hartman <hartmans@MIT.EDU>
>>>>> "Brian" == Brian Murrell <murrell@bctel.net.> writes:
Brian> How does one do batch or cron jobs that require rsh
Brian> availablity to another machine. Specifically, I want to
Brian> have a nightly backup which basically does a:
Brian> tar cvf - / | rsh backup_server "cat >/dev/tape_device"
Look at the ksrvtgt man page. You basically create a srvtab on the machine being backed up, and then give it login permission to the backup server. (I normally tend to do it the other way around, running the cron job on the machine with the tape drive, and giving it login permission on the machine to be backed up). Be aware that you won't be encrypting the data over the net, so don't back up sensative files like:
* Kerberos srvtabs, keytabs, etc.
* Kerberos master key stashes on the KDC
* Other encryption key information, such as active ticket files, other security applications' data, etc.
Also, if you are using krb5 instead of krb4, you'll need to
create a keytab instead of a srvtab, and use the kinit -k option.
--Sam
Brian> as root every night. How does the batch job get tickets to
Brian> do this. It also scares me to have this automated "root"
Brian> access to remote machines.
Brian> We would also consider setting up a special instance and
Brian> process on the backup server for doing this if it makes the
Brian> job any easier/more secure.
Brian> Any ideas at all would be appreciated.
Brian> b.
Brian> -- Brian J. Murrell murrell@bctel.net BCTel Advanced
Brian> Communications brian@ilinx.com Vancouver, B.C.
Brian> brian@wimsey.com 604 454 5261
