[Csync2] csync2 and recent gnutls
Oliver Daniel
DOLIVER1 at qinetiq.com
Tue Sep 22 10:27:42 CEST 2009
> While at it...
>
> Rather than implementing yet again some web of trust between your
> servers, I think it would be more useful to get rid of ssl in csync2,
> replacing it with a "pipe mode" via some "tunnel" keyword in the config
> file. The $tunnel command would then be invoked with the peer name to
> connect to, and "--" "/usr/sbin/csync2" (the second one possibly being a
> (per-peer?) config parameter as well).
>
> For starters, I would be fine without the generic "tunnel" method, and
> hardcode the only likely candidate, namely ssh, for some special command
> line option. For example tunnel="ssh -l root -o BatchMode=yes".
>
While I agree that being able to use an arbitrary tunnel is a
configuration advantage, please make sure that it really is generic --
for a number of our installations, SSH would be impossible because we
have very limited trust between the machines and have tightly bounded
csync2 with SELinux.
Dan.