1AMANDA-AUTH(7)                    Miscellanea                   AMANDA-AUTH(7)
2
3
4

NAME

6       amanda-auth - Communication/Authentication methods between Amanda
7       server and client
8

DESCRIPTION

10       Amanda offers 7 methods of communication between Amanda server
11       (sometimes also called the tape server) and clients, each with its own
12       authentication method. The desired communication method is specified by
13       the auth parameter in the amanda.conf file (amanda.conf(5)) commonly as
14       a dumptype. Valid values to the auth parameter are bsd, bsdudp, bsdtcp,
15       krb4, krb5, local, rsh, and ssh. Please note that krb4 will be removed
16       in the next release. The authentication and communication method is
17       used during the backup process amdump (amdump(8)) as well as the
18       recovery process amrecover (amrecover(8)).
19

COMPILATION AND GENERAL INFORMATION

21       The communication method and thus type of authentication that will be
22       used by the Amanda server is specified by the auth parameter in the
23       dumptype for each disklist entry (DLE). The auth parameter thus may be
24       easily and globally specified in the "global" dumptype. If auth is not
25       specified, the bsd communication method is used. See amanda.conf(5) for
26       more information on Amanda configuration and dumptypes, and disklist(5)
27       for more information on disklists.
28
29       On the client side, the Amanda daemon amandad validates the connection
30       depending on the value of the auth argument passed to it (see
31       Amanda(8)). Also, when it comes to recovery, the auth parameter can be
32       specified in the amanda-client.conf(5) file to specify the
33       communication method to be used by the client to the server.
34
35       When Amanda is being built from source code, desired communication and
36       thus authentication methods (shown as "Authentication") must be
37       specified as configure options at compilation time.
38
39       Authentication   Configure option(s)
40        bsd           --with-bsd-security      --with-amandahosts (pre-2.6)
41        bsdtcp        --with-bsdtcp-security   --with-amandahosts (pre-2.6)
42        bsdudp        --with-bsdudp-security   --with-amandahosts (pre-2.6)
43        krb5          --with-krb5-security
44        local          (always included)
45        rsh           --with-rsh-security
46        ssh           --with-ssh-security
47
48       There are additional configure options for bsd, bsdudp, and bsdtcp to
49       allow for specifying explicit UDP and TCP port ranges.
50
51          --with-udpportrange
52          --with-tcpportrange
53          --with-low-tcpportrange
54
55       See PORT USAGE below for more information.
56
57       There are additional configure options for Kerberos if you so desire.
58       All but the last option are for Kerberos 4. Defaults shown in square
59       brackets.
60
61          --with-server-principal=ARG    server host principal  [amanda]
62          --with-server-instance=ARG     server host instance   []
63          --with-server-keyfile=ARG      server host key file   [/.amanda]
64          --with-client-principal=ARG    client host principal  [rcmd]
65          --with-client-instance=ARG     client host instance   [HOSTNAME_INSTANCE]
66          --with-client-keyfile=ARG      client host key file   [KEYFILE]
67          --with-ticket-lifetime=ARG     ticket lifetime        [128]
68          --with-krb4-security=DIR       where libkrb.a lives   [see below]
69          --with-krb5-security=DIR       where libkrb.a lives   [see below]
70
71       If configuring with --with-krb4-security and/or --with-krb5-security,
72       the configure script will search under /usr/kerberos/lib,
73       /usr/cygnus/lib, /usr/lib, and /opt/kerberos/lib for the kerberos bits,
74       libkrb.a, in this order. Kerberos support will not be added if it does
75       not find them. If the kerberos bits are found under some other
76       hierarchy, you can specify this via --with-krb5-security=DIR and/or
77       --with-krb4-security=DIR, where DIR is where the kerberos bits live.
78       The configure script will then look in the ´lib´ directory under this
79       hierarchy for libkrb.a.
80
81       The auth parameter selects a communication/authentication method to use
82       between the client and the backup server. These methods are described
83       each in their own section below.
84

BSD, BSDUDP, AND BSDTCP COMMUNICATION AND AUTHENTICATION

86       For additional information including example configurations, see
87       http://wiki.zmanda.com/index.php/Configuring_bsd/bsdudp/bsdtcp_authentication.
88
89       The bsd, bsdudp, and bsdtcp communication methods use either UDP, TCP,
90       or both protocols operating as a network service to authenticate and
91       exchange data between server and clients.
92
93       In addition to compilation and general configuration (see COMPILATION
94       AND GENERAL INFORMATION above), the authentication method that the
95       client is configured to receive is specified by the auth parameter in
96       the network service configuration for Amanda. The authentication method
97       used by an Amanda client to reach the server during recovery is the
98       authentication method specified by the auth parameter in the client´s
99       Amanda network service configuration or in its amanda-client.conf file
100       (see amanda-client.conf(5)).
101
102       By default, Amanda use the "amanda" service name and associated port
103       set in /etc/services. It can be changed by setting the dumptype
104       client_port option to a different port number or a different service
105       name. All examples are for the service name "amanda" that uses the
106       default port 10080.
107
108   .amandahosts file
109       Servers and clients using the bsd, bsdudp, and bsdtcp authentication
110       methods refer to the .amandahosts file to control access. Amanda should
111       be compiled for this access control if one of these methods will be
112       used and is the default compilation option for Amanda 2.6 (use
113       --with-amandahosts when compiling pre-2.6 versions of Amanda).
114
115       Amanda looks for the .amandahosts file in the Amanda user´s home
116       directory, commonly /var/lib/amanda.
117
118       Each authorization is on its own line in the following format
119
120       hostname [ username [ service...  ] ]
121
122       If username is ommitted, it defaults to the user running amandad, i.e.
123       the user listed in the inetd or xinetd configuration file.
124
125       service...  is a space-delimited list of services the client is
126       authorized to execute: noop, selfcheck, sendsize, sendbackup, amdump (a
127       shortcut for the previous four services which are required on clients),
128       amindexd, and amidxtaped. The last two services are required on a
129       server for clients to connect to it using amrecover.
130
131       If service is omitted, it defaults to noop selfcheck sendsize
132       sendbackup (which is equivalent to amdump).
133
134       Example of the .amandahosts file on an Amanda client
135
136           amandaserver.example.com   amandabackup   amdump
137
138       Example of the .amandahosts file on an Amanda server
139
140           amandaclient1.example.com   root   amindexd amidxtaped
141
142   bsd communication and authentication
143       The authentication is done using .amandahosts file in the Amanda user´s
144       home directory. The protocol between Amanda server and client is UDP.
145       The number of disk list entries (DLEs)--number of Amanda clients--is
146       limited by the UDP packet size. This authentication protocol will use a
147       different port for each data stream (see PORT USAGE below)
148
149   bsdudp communication and authentication
150       The authentication is done using .amandahosts files in the Amanda
151       user´s home directory. It uses UDP protocol between Amanda server and
152       client for data and hence the number of DLEs is limited by the UDP
153       packet size. It uses one TCP port to establish the connection and
154       multiplexes all data streams using one port on the server (see PORT
155       USAGE below).
156
157   bsdtcp communication and authentication
158       The authentication is done using .amandahosts files in the backup
159       user´s (for example: amandabackup) home directory. It uses TCP protocol
160       between Amanda server and client. On the client, two reserved ports are
161       used. On the server, all data streams are multiplexed to one port (see
162       PORT USAGE below).
163
164   USING INETD SERVER
165       Template for Amanda client inetd service entry
166
167          service_name socket_type protocol wait/nowait amanda_backup_user absolute_path_to_amandad amandad server_args
168
169       Client example of using bsd authorization for inetd server given Amanda
170       user is "amandabackup":
171
172          amanda dgram udp wait amandabackup /path/to/amandad amandad -auth=bsd amdump
173
174       The same could be used for bsdudp if specifying -auth=bsdudp instead of
175       -auth=bsd.
176
177       Client example of using bsdtcp authorization for inetd server given
178       Amanda user is "amandabackup":
179
180          amanda stream tcp nowait amanda /path/to/amandad amandad -auth=bsdtcp amdump
181
182       amindexd and amidxtaped would typically be added at the end of the line
183       as amandad server arguments for an Amanda server.
184
185       Server example of using bsdtcp authorization for inetd server given
186       Amanda user is "amandabackup":
187
188          amanda stream tcp nowait amanda /path/to/amandad amandad -auth=bsdtcp amdump amindexd amidxtaped
189
190       For Amanda version 2.5.0 and earlier, remember that neither bsdudp nor
191       bsdtcp are supported and the Amanda daemon amandad accepts no
192       arguments. Because of the latter, amrecover as of Amanda version 2.5.1
193       is not compatible with 2.5.0 and earlier servers. Thus, servers that
194       are 2.5.0 or earlier must, in addition to the amanda service, run
195       amindexd and amidxtaped Amanda services as their own network services,
196       amandaidx and amidxtape, respectively (see below).
197
198       There are no compatibility issues if server and clients are all 2.5.0
199       or earlier. If your server is 2.5.1 or later, you can still have
200       clients that are 2.5.0 and earlier although you must then use bsd
201       communication/authentication with these clients and must also run
202       amindexd and amidxtaped Amanda services on the server as their own
203       network services, amandaidx and amidxtape, respectively (see below). If
204       you have a server that is 2.5.0 and earlier, clients of a later version
205       on which you wish to run amrecover must use amoldrecover instead and,
206       again, the server must be running the amandaidx and amidxtape network
207       services.
208
209       Example of amindexd and amidxtaped Amanda daemon services configured as
210       their own network services for a 2.5.0 or earlier server or a newer
211       server having 2.5.0 or earlier clients
212
213          amandaidx stream tcp nowait amanda /usr/local/libexec/amanda/current/amindexd   amindexd
214          amidxtape stream tcp nowait amanda /usr/local/libexec/amanda/current/amidxtaped amidxtaped
215
216   USING XINETD SERVER
217       Template for Amanda client xinetd service file
218
219       service amanda
220       {
221            only_from               = Amanda server
222            socket_type             = socket type
223            protocol                = protocol
224            wait                    = yes/no
225            user                    = amanda backup user
226            group                   = amanda backup user group id
227            groups                  = yes
228            server                  = absolute path to amandad
229            server_args             = amandad server arguments
230            disable                 = no
231       }
232
233       The only_from parameter can be used with xinetd but is usually in
234       addition to the primary form of access control via the .amandahosts
235       file.
236
237       Client example of using bsd authorization for xinetd server and for
238       Amanda user "amandabackup":
239
240       service amanda
241       {
242            only_from       = amandaserver.example.com
243            socket_type     = dgram
244            protocol        = udp
245            wait            = yes
246            user            = amandabackup
247            group           = disk
248            groups          = yes
249            server          = /path/to/amandad
250            server_args     = -auth=bsd amdump
251            disable         = no
252       }
253
254       The same could be used for bsdudp if specifying -auth=bsdudp instead of
255       -auth=bsd.
256
257       Client example of using bsdtcp authorization for xinetd server and for
258       Amanda user "amandabackup":
259
260       service amanda
261       {
262            only_from       = amandaserver.example.com amandaclient.example.com
263            socket_type     = stream
264            protocol        = tcp
265            wait            = no
266            user            = amandabackup
267            group           = disk
268            groups          = yes
269            server          = /path/to/amandad
270            server_args     = -auth=bsdtcp amdump
271            disable         = no
272       }
273
274       amindexd and amidxtaped would typically be added as additional amandad
275       server_args for an Amanda server.
276
277       For Amanda version 2.5.0 and earlier, remember that neither bsdudp nor
278       bsdtcp are supported and the Amanda daemon amandad accepts no
279       arguments. Because of the latter, amrecover as of Amanda version 2.5.1
280       is not compatible with 2.5.0 and earlier servers. Thus, servers that
281       are 2.5.0 or earlier must, in addition to the amanda service, run
282       amindexd and amidxtaped Amanda services as their own network services,
283       amandaidx and amidxtape, respectively (see below).
284
285       There are no compatibility issues if server and clients are all 2.5.0
286       or earlier. If your server is 2.5.1 or later, you can still have
287       clients that are 2.5.0 and earlier although you must then use bsd
288       communication/authentication with these clients and must also run
289       amindexd and amidxtaped Amanda services on the server as their own
290       network services, amandaidx and amidxtape, respectively (see below). If
291       you have a server that is 2.5.0 and earlier, clients of a later version
292       on which you wish to run amrecover must use amoldrecover instead and,
293       again, the server must be running the amandaidx and amidxtape network
294       services.
295
296       Example of amindexd and amidxtaped Amanda daemon services configured as
297       their own network services for a 2.5.0 or earlier server or a newer
298       server having 2.5.0 or earlier clients
299
300       service amandaidx
301       {
302            socket_type         = stream
303            protocol       = tcp
304            wait           = no
305            user           = amanda
306            group               = disk
307            server              = /usr/local/libexec/amanda/amindexd
308            disable             = no
309       }
310
311       service amidxtape
312       {
313            socket_type         = stream
314            protocol       = tcp
315            wait           = no
316            user           = amanda
317            group               = disk
318            server              = /usr/local/libexec/amanda/amidxtaped
319            disable             = no
320       }
321
322   PORT USAGE
323       List of TCP/UDP ports used by network service communication methods for
324       Amanda server and client.
325
326          Key:
327              UP = Unreserved Port
328           RPpAP = Reserved Port per Amanda Process
329          UPpDLE = Unreserved Port per DLE
330            [..] = Configure options that can be used at compile time to define port ranges
331
332       Authentication Protocol  Amanda server                      Amanda client
333       bsd            udp       1 RPpAP [--with-udpportrange]      10080
334                      tcp       1 UP [--with-tcpportrange]         3 UPpDLE [--with-tcpportrange]
335       bsdudp         udp       1 RPpAP [--with-udpportrange]      10080
336                      tcp       1 UP [-with-tcpportrange]          1 UPpDLE [--with-tcpportrange]
337       bsdtcp         tcp       1 RPpAP [--with-low-tcpportrange]  10080
338
339       Amanda server also uses two ports (dumper process) to communicate with
340       the chunker/taper processes. These ports are in the range set by
341       --with-tcpportrange.
342
343       You can override the default port ranges that Amanda was compiled with
344       in each configuration using the reserved-udp-port, reserved-tcp-port,
345       and unreserved-tcp-port parameters in amanda.conf and
346       amanda-client.conf configuration files (see amanda.conf(5) and amanda-
347       client.conf(5)).
348

KERBEROS COMMUNICATION AND AUTHENTICATION

350       For more detail, see
351       http://wiki.zmanda.com/index.php/Kerberos_authentication.
352
353       Amanda supports Kerberos 4 and 5 communication methods between Amanda
354       server and client. Please note, however, that support for Kerberos 4
355       will be removed in the next release.
356
357       General information including compilation are given above (see
358       COMPILATION AND GENERAL INFORMATION above). Below sections give
359       specific Kerberos 4 and 5 information.
360
361   KERBEROS v4
362       Please note that support for Kerberos 4 will be removed in the next
363       release.
364
365       Kerberos 4 uses UDP protocol and the number of DLEs is limited by UDP
366       packet size.
367
368       The kerberized AMANDA service uses a different port on the client
369       hosts. The /etc/services line is:
370
371           kamanda      10081/udp
372
373       And the /etc/inetd.conf line is:
374
375           kamanda dgram udp wait root /usr/local/libexec/amanda/amandad amandad -auth=krb4
376
377       Note that you´re running this as root, rather than as your dump user.
378       AMANDA will set its uid down to the dump user at times it doesn´t need
379       to read the srvtab file, and give up root permissions entirely before
380       it goes off and runs dump. Alternately you can change your srvtab files
381       to be readable by user amanda.
382
383       The following dumptype options apply to krb4:
384
385       auth "krb4"    # use krb4 auth for this host
386                      # (you can mingle krb hosts and bsd .rhosts in one conf)
387       kencrypt       # encrypt this filesystem over the net using the krb4
388                      # session key.  About 2x slower.  Good for those root
389                      # partitions containing your keyfiles.  Don´t want to
390                      # give away the keys to an ethernet sniffer!
391                      # This is currently always enabled.  There is no
392                      # way to disable it.  This is a bug.
393
394   KERBEROS v5
395       Kerberos 5 uses TCP and the server uses only one TCP port and data
396       streams are multiplexed to this port.
397
398
399       The krb5 driver script defaults to:
400
401       /*
402        * The lifetime of our tickets in minutes.
403        */ #define AMANDA_TKT_LIFETIME     (12*60)
404
405       /*
406        * The name of the service in /etc/services.
407        */ #define AMANDA_KRB5_SERVICE_NAME        "k5amanda"
408
409       You can currently only override these by editing the source code.
410
411       The kerberized AMANDA service uses a different port on the client
412       hosts. The /etc/services line is:
413
414          k5amanda      10082/tcp
415
416       And the /etc/inetd.conf line is:
417
418          k5amanda stream tcp nowait root /usr/local/libexec/amanda/amandad amandad -auth=krb5
419
420       Note that you´re running this as root, rather than as your dump user.
421       AMANDA will set its UID down to the dump user at times it doesn´t need
422       to read the keytab file, and give up root permissions entirely before
423       it goes off and runs dump. Alternately you can change your keytab files
424       to be readable by user amanda. You should understand the security
425       implications of this before changing the permissions on the keytab.
426
427       The following dumptype options apply to krb5:
428
429          auth "krb5"    # use krb5 auth for this host
430                         # (you can mingle krb hosts and bsd .rhosts in one conf)
431
432       The principal and keytab files that Amanda uses must be set in the
433       amanda.conf file for kerberos 5 dumps to work. You can hardcode this in
434       the source code if you really want to (common-src/krb5-security.c)
435
436          krb5keytab
437          krb5principal
438
439       For example:
440
441          krb5keytab    "/etc/krb5.keytab-amanda"
442          krb5principal  "amanda/saidin.omniscient.com"
443
444       The principal in the second option must be contained in the first. The
445       keytab should be readable by the amanda user (and definitely not world
446       readable!) and is (obviously) on the server. In MIT´s kadmin, the
447       following:
448
449          addprinc -randkey amanda/saidin.omniscient.com
450          ktadd -k /etc/krb5.keytab-amanda amanda/saidin.omniscient.com
451
452       will do the trick. You will obviously want to change the principal name
453       to reflect something appropriate for the conventions at your site.
454
455       You must also configure each client to allow the amanda principal in
456       for dumps.
457
458       There are several ways to go about authorizing a server to connect to a
459       client.
460
461       The normal way is via a .k5amandausers file or a .k5login file in the
462       client user´s home directory. The determination of which file to use is
463       based on the way you ran configure on AMANDA. By default, AMANDA will
464       use .k5amandahosts, but if you configured with --without-amandahosts,
465       AMANDA will use .k5login. (similar to the default for
466       .rhosts/.amandahosts-style security). The .k5login file syntax is a
467       superset of the default krb5 .k5login. The routines to check it are
468       implemented in amanda rather than using krb5_kuserok because the
469       connections are actually gssapi based.
470
471       This .k5amandahosts/.k5login is a hybrid of the .amandahosts and a
472       .k5login file. You can just list principal names, as in a .k5login file
473       and the principal will be permitted in from any host. If you do NOT
474       specify a realm, then there is no attempt to validate the realm (this
475       is only really a concern if you have cross-realm authentication set up
476       with another realm or something else that allows you multiple realms in
477       your kdc. If you do specify a realm, only that principal@realm will be
478       permitted to connect.
479
480       You may prepend this with a hostname and whitespace, and only that
481       principal (with optional realm as above) will be permitted to access
482       from that hostname.
483
484       Here are examples of valid entries in the .k5amandahosts:
485
486          service/amanda
487          service/amanda@TEST.COM
488          dumpmaster.test.com service/amanda
489          dumpmaster.test.com service/amanda@TEST.COM
490
491       Rather than using a .k5amandahosts or .k5login file, the easiest way is
492       to use a principal named after the destination user, (such as
493       amanda@TEST.COM in our example) and not have either a .k5amandahosts or
494       .k5login file in the destination user´s home directory.
495
496       There is no attempt to verify the realm in this case (only a concern if
497       you have cross-realm authentication setup).
498

LOCAL COMMUNICATION

500       The Amanda server communicates with the client internally versus over
501       the network, ie. the client is also the server.
502
503       This is the only method that requires no authentication as it is
504       clearly not needed.
505

RSH COMMUNICATION AND AUTHENTICATION

507       For more detail, see
508       http://wiki.zmanda.com/index.php/Configuring_rsh_authentication.
509
510       The Amanda server communicates with its client as the Amanda user via
511       the RSH protocol.
512
513       Please note that RSH protocol itself is insecure and should be used
514       with caution especially on any servers and clients with public IPs.
515
516       Each Amanda client communicates with the server using one TCP port and
517       all data streams from the client are multiplexed over one port. The
518       number of Amanda clients is limited by the number of reserved ports
519       available on the Amanda server. Some versions of RSH do not use
520       reserved ports and, thus, this restriction is not valid.
521
522       General information including compilation is given above (see
523       COMPILATION AND GENERAL INFORMATION above).
524
525       In addition to specifying the auth field in dumptype definition, it
526       might be required to specify client_username and amandad fields. If the
527       backup user name is different on the Amanda client, the user name is
528       specified as client_username. If the location of the Amanda daemon
529       amandad is different on the Amanda client, the location is specified as
530       amandad_path field value.
531
532       For example:
533       define dumptype rsh_example {
534                ...
535                auth "rsh"
536                client_username "amandabackup"
537                amandad_path "/usr/lib/exec/amandad"
538                ...
539       }
540

SSH COMMUNICATION AND AUTHENTICATION

542       For more detail, see
543       http://wiki.zmanda.com/index.php/How_To:Set_up_transport_encryption_with_SSH.
544
545       Amanda client sends data to the server using SSH. SSH keys have to be
546       set up so that Amanda server can communicate with its clients using
547       SSH.
548
549       General information including compilation is given above (see
550       COMPILATION AND GENERAL INFORMATION above).
551
552       SSH provides transport encryption and authentication. To set up an SSH
553       authentication session, Amanda will run the equivalent of the following
554       to start the backup process.
555
556          /path/to/ssh -l user_name client.zmanda.com $libexecdir/amandad
557
558       To use SSH, you need to set up SSH keys either by storing the
559       passphrase in cleartext, using ssh-agent, or using no passphrase at
560       all.  All of these options have security implications which should be
561       carefully considered before adoption.
562
563       When you use a public key on the client to do data encryption (see
564       http://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption), you
565       can lock away the private key in a secure place. Both, transport and
566       storage will be encrypted with such a setup. See
567       http://wiki.zmanda.com/index.php/Encryption for an overview of
568       encryption options.
569
570       Enable SSH authentication and set the ssh_keys option in all DLEs for
571       that host by adding the following to the DLE itself or to the
572       corresponding dumptype in amanda.conf:
573
574         auth "ssh"
575         ssh_keys "/home/amandabackup/.ssh/id_rsa_amdump"
576
577       ssh_keys is the path to the private key on the client. If the username
578       to which Amanda should connect is different from the default, then you
579       should also add
580
581         client_username "otherusername"
582
583       If your server  amandad path and client  amandad path are different,
584       you should also add
585
586         amandad_path "/client/amandad/path"
587
588       For a marginal increase in security, prepend the keys used for AMANDA
589       in the clients´ authorized_keys file with the following:
590
591         from="amanda_server.your.domain.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/absolute/path/to/amandad -auth=ssh amdump"
592
593       This will limit that key to connect only from Amanda server and only be
594       able to execute amandad(8).
595
596       In the same way, prepend the key used for AMANDA in the server´s
597       authorized_keys file with:
598
599         from="amanda_client.your.domain.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/absolute/path/to/amandad -auth=ssh amindexd amidxtaped"
600
601       You can omit the from=.. option if you have too many clients to list,
602       although this has obvious security implications.
603
604       Set ssh_keys and any other necessary options in
605       /etc/amanda/amanda_client.conf:
606
607         auth "ssh"
608         ssh_keys "/root/.ssh/id_rsa_amrecover"
609         client_username "amanda"
610         amandad_path "/server/amandad/path"
611
612       Besides user keys, SSH uses host keys to uniquely identify each host,
613       to prevent one host from impersonating another. Unfortunately, the only
614       easy way to set up these host keys is to make a connection and tell SSH
615       that you trust the identity:
616
617         $ ssh client1.zmanda.com
618         The authenticity of host ´client1.zmanda.com (192.168.10.1)´ can´t be established.
619         RSA key fingerprint is 26:4e:df:a2:be:c8:cb:20:1c:68:8b:cc:c0:3b:8e:9d.
620         Are you sure you want to continue connecting (yes/no)?yes
621
622       As Amanda will not answer this question itself, you must manually make
623       every connection (server to client and client to server) that you
624       expect Amanda to make. Note that you must use the same username that
625       Amanda will use (that is, ssh client and ssh client.domain.com are
626       distinct).
627

SEE ALSO

629       amanda(8), amanda.conf(5), amanda-client.conf(5), disklist(5),
630       amdump(8), amrecover(8)
631
632       The Amanda Wiki: : http://wiki.zmanda.com/
633

AUTHORS

635       Jean-Louis Martineau <martineau@zmanda.com>
636           Zmanda, Inc. (http://www.zmanda.com)
637
638       Dustin J. Mitchell <dustin@zmanda.com>
639           Zmanda, Inc. (http://www.zmanda.com)
640
641       Paul Yeatman <pyeatman@zmanda.com>
642           Zmanda, Inc. (http://www.zmanda.com)
643
644
645
646Amanda 3.1.3                      10/04/2010                    AMANDA-AUTH(7)
Impressum