Subject: Re: rdist and ssh
To: None <netbsd-users@netbsd.org>
From: Wolfgang Rupprecht <wolfgang+gnus20021124T105924@wsrcc.com>
List: netbsd-users
Date: 11/24/2002 10:59:53
smb@research.att.com (Steve Bellovin) writes:
> Is it possible to use rdist over ssh?  I'm trying to keep several 
> machines synchronized from one master machine, but I decline to enable 
> the rsh port.  The obvious thing to try is

If krb-only rsh is ok, here is what I used to do:

    export KRB5CCNAME=/tmp/krb5cc_0_$$
    kinit -k -t /etc/krb5.keytab host/capsicum.wsrcc.com@WSRCC.COM 
    # Only update /etc daily.  Full update every weekend. 
    (date; nice -20 time rdist6 -P /usr/bin/rsh -f /etc/Distfile "$@";\
        date) 2>&1 >> /var/log/rdist.log
    kdestroy

I found I needed rdist6 (from pkgsrc), and I needed an unencrypted krb
keytab, but for unattended service you really need an unprotected
secret kicking around someplace.

-wolfgang
-- 
We are from the U.N. and we are here to help you.

spider food: http://www.wsrcc.com/baddream/usenet/
(NOTE: The email address above is valid.  Edit it at your own peril.)