[HCoop-Discuss] I no longer can make automated backups

docelic docelic at hcoop.net
Mon Jul 2 04:55:40 EDT 2007


On Sun, Jul 01, 2007 at 04:49:48PM -0700, Eric Hanchrow wrote:
> >>>>> "Adam" == Adam Megacz <megacz at hcoop.net> writes:
> 
>     Adam> A more secure alternative is to install the AFS client on
>     Adam> your machine-to-be-backed-up and put your offby1.daemon
>     Adam> keytab on that machine.  
> 
> Sounds fine.  Where should I read to learn just what a "keytab" is,
> how to make one, and how to install it?

A keytab is a normal file which contains the secret to authenticate
with Kerberos. Usually you type in your password, but with a keytab
it can be non-interactive.

It's worth noting that you can't have both a password and a keytab
for the same "principal" (username) in Kerberos. Exporting the key
to a keytab effectively invalidates your password.

Therefore, we have to have two principals in Kerberos for each user. One
for interactive, and one for non-interactive work. Users can read their
own keytabs; your keytab is in /etc/keytabs/user.daemon/USERNAME .

Copy it to your machine, and then invoke kinit or k5start with the 
path to the file. (See man page for command line switches. Also note
that your username will be offby1.daemon, not offby1). This step will
automatically invoke aklog to authenticate to HCoop AFS.

I think megacz was advising you to install the AFS client so that the
HCoop disk would appear to you "locally" in /afs/hcoop.net/user/o/of/offby1 .

Log in to mire and use 'fs sa -help' to see how to grant write permission
to offby1.daemon to certain directories. Something like,

  fs sa backup offby1.daemon write

Then you can begin backing up files by just invoking the
usual commands: cp, rsync, or anything.

  cp -a /some/directory /afs/hcoop.net/user/o/of/offby1/backup
  rsync -aCv /some/directory /afs/hcoop.net/user/o/of/offby1/backup

Cya,
-doc
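
The procedure above as a cron-ready wrapper; this is an added example, not part of the original post or HCoop's own tooling. The local keytab path and the function names are assumptions; the principal and AFS path are the ones from the message. It refuses to run if the copied keytab is readable by other local accounts, since the file is a password-equivalent secret.

```shell
#!/bin/sh
# Added example: KEYTAB location and function names are hypothetical.
KEYTAB="${KEYTAB:-$HOME/.keytabs/offby1.daemon}"   # assumed local copy
DEST="${DEST:-/afs/hcoop.net/user/o/of/offby1/backup}"

# Refuse a keytab that other local accounts could read or swap out.
check_keytab() {
    kt=$1
    if [ -L "$kt" ] || [ ! -f "$kt" ]; then
        echo "keytab $kt: not a regular file" >&2; return 1
    fi
    if [ ! -O "$kt" ]; then
        echo "keytab $kt: not owned by the current user" >&2; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$kt" | cut -c5-10)" != "------" ]; then
        echo "keytab $kt: group/other access, run chmod 600" >&2; return 1
    fi
}

# k5start: -f keytab, -U takes the principal from the keytab, -t runs
# aklog for an AFS token, then rsync runs under those credentials.
run_backup() {
    src=$1
    check_keytab "$KEYTAB" || return 1
    set -- k5start -q -f "$KEYTAB" -U -t -- rsync -a "$src" "$DEST"
    # DRY_RUN prints the command instead of executing it.
    if [ -n "$DRY_RUN" ]; then echo "$@"; else "$@"; fi
}
```

Call `run_backup /some/directory` from the cron job; set `DRY_RUN=1` first to see the command without contacting the KDC.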



