>> Rsync without ssh is insecure. I'd definitely urge to discourage rsync
>> without ssh on wiki.samba.org. And with ssh, rsync is imho a lot more
>> cumbersome to configure across a dynamic landscape.
>Why? SSH can be set up to use LDAP, for password auth, to pull SSH keys
>from it, or both.
See https://lists.samba.org/archive/samba/2019-July/224346.html second
paragraph. Without ssh, communication is unencrypted and the server not
authenticated.
I haven't checked details, but I assume password authentication with ldap is
even less secure as rsync then likely cannot do challenge/response
authentication, implying an attacker can obtain your passwords.
Rsync with ssh public keys managed via ldaps (and trustworthy certificates) is
likely a secure option, but I haven't seen a good tutorial on that. Even if
possible however - why not reuse the existing Kerberos authentication and SMB3?
Joachim