Rsync works great, but for many network administrators it is difficult to
manage a secondary user database to secure the rsync paths.
The proposal is to develop an option for the rsync (daemon and client) so
they can load some "security modules" developed as dynamic libraries.
This
approach would keep the rsync itself platform independent, while the
security modules can be very platform dependent, since they would be able
to
manage Windows, Radix, ldap or unix password file authentication.
Actual password-file security system can be re-written as a build-in
default
authentication module, of course platform idependent.
I think this is according to the philosophy of the product, since rsync
handles with file synchronisation it doesn't need to be also an expert in
security.
Sample:
Let's assume that the daemon and the client are running on windows
machines.
It is desired to implement a windows security approach, therefore any user
that is able to read/write the main directory of the module should be
allowed to write/read it.
Server would be started with the projected option
'--security-module=windows' so it will search for the
'rsyncwindowsserver.dll' on start.
On the client side, with the same option, the 'rsyncwindowsclient.dll'
would
be loaded. If no username and password is given, the actual security token
would be sent to the server as authentication, else the user and password
given in command line. The rsync daemon would call the 'authenticate'
function from the server DLL and based on the aswer of the function it will
allow or deny the client access and it would elaborate an welcome/error
message.
I would be pleased to receive comments, improvements ideas and critics from
you.
Since I am a programmer, I would be delighted to help writing this feature.
Regards,
Razvan
