[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Encrypting data during replication?????

On Tue, 28 Dec 1999, Luke Howard wrote:

> >There is the kerberos thing, but it is only for authentication, it does not actually encrypt the data. 
> When there is SASL support, perhaps this will be an option, using
> the GSS-API SASL mechanism.
> The tricky thing about Kerberos and long-lived clients (such as
> replication daemons) is that you need to refresh the credentials
> cache before the ticket expires. This is logic which is not to
> my knowledge provided by the Kerberos client library.

- If you have a keytab(V5) or srvtab(V4), it's a single library
call to refresh your credentials. My philosophy has been to 
write a simple deamon to manage the credentials. I use this 
deamon all over the place, and the application only needs to 
specify where it's tgt file is. This can be done either via
a simple env shell script or via calls from within the deamon. 

- Booker C. Bense