Re: Encrypting data during replication?????
On Tue, 28 Dec 1999, Luke Howard wrote:
> >There is the kerberos thing, but it is only for authentication, it does not actually encrypt the data.
> When there is SASL support, perhaps this will be an option, using
> the GSS-API SASL mechanism.
> The tricky thing about Kerberos and long-lived clients (such as
> replication daemons) is that you need to refresh the credentials
> cache before the ticket expires. This is logic which is not to
> my knowledge provided by the Kerberos client library.
- If you have a keytab(V5) or srvtab(V4), it's a single library
call to refresh your credentials. My philosophy has been to
write a simple daemon to manage the credentials. I use this
daemon all over the place, and the application only needs to
specify where its tgt file is. This can be done either via
a simple env shell script or via calls from within the daemon.
- Booker C. Bense
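
A minimal sketch of the keytab-driven refresh loop described in the message above, added here as an illustration; it is not code from the original post or from its author. It assumes a V5 `kinit` that accepts `-k -t -c`; the keytab path, principal, cache path, ticket lifetime and the refresh-at-half-lifetime policy are all placeholder assumptions.

```shell
#!/bin/sh
# Added example. Every value below is an assumed placeholder.
KEYTAB="${KEYTAB:-/etc/replica.keytab}"         # readable only by the daemon user
PRINCIPAL="${PRINCIPAL:-replica/host.example.com@EXAMPLE.COM}"
CCACHE="${CCACHE:-/var/run/replica/krb5cc}"     # directory writable only by the daemon
LIFETIME="${LIFETIME:-36000}"                   # ticket lifetime in seconds; must match KDC policy
KINIT="${KINIT:-kinit}"

# Refresh at half the ticket lifetime, but never more often than every 60 s.
refresh_interval() {
    half=$(( $1 / 2 ))
    if [ "$half" -lt 60 ]; then half=60; fi
    echo "$half"
}

# Get a fresh TGT into a temporary cache, then rename it over the live one.
# The rename is atomic, so the application never reads a half-written cache,
# and a failed kinit leaves the previous (still valid) ticket in place.
refresh_once() {
    tmp="${CCACHE}.new.$$"
    if "$KINIT" -k -t "$KEYTAB" -c "FILE:$tmp" "$PRINCIPAL"; then
        chmod 600 "$tmp" && mv -f "$tmp" "$CCACHE"
    else
        rm -f "$tmp"
        return 1
    fi
}

run_daemon() {
    while :; do
        if refresh_once; then
            sleep "$(refresh_interval "$LIFETIME")"
        else
            echo "credential refresh failed; retrying in 60s" >&2
            sleep 60
        fi
    done
}

# Application side: start the long-lived client with
#   KRB5CCNAME="FILE:$CCACHE"
# in its environment so it picks up the refreshed cache.
if [ "${1:-}" = "run" ]; then run_daemon; fi
```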