(Illustration by Gaich Muramatsu)
I have a coda server and several clients set up. In order for me to feel comfortable putting real data on it, I need to address the issues of backups and security. While coda has a backup scheme, it doesn't seem to be integrated with amanda (http://www.amanda.org/), and thus it would be annoying for me to use it. In the glorious future, it will be easier to plug in other schemes to amanda etc. and all will be simple. But for now, I settled on using Gnu tar to do a hackish but adequate job. Basically, I did 1. put in a cronjob for root on the (single) server to clog from a file as a user that can read everything that should be backed up 2. configured amanda normally on the box 3. configured the amanda server to dump each volume with gnu tar Except for some silly mistakes while configuring, this seems to work. I know that really I should clone the volumes and back up the clones, and I should figure out how to use the coda backup program, since I lose all metadata. To address the latter, I wrote a simple script to list the acls. Should I need the backups, I'll write something to put them back! But this gets me the files, and that's the first-order need. The second issue is security. Coda tokens (xor, I believe) are not adequate. My current plan is to use IPSEC for all coda traffic, and use the coda auth underneath it. However, this won't work across firewalls that block AH/ESP. I'd like to use the krbsupport.c K5 support, but also have the rpc2 security be at least DES. Any hints/code for this would be most welcome. It appears that coda lacks strong authentication due to export control. Since in theory only encryption is regulated, I can't see how including strong authentication but no confidentiality support would run afoul of the rules as written. While I'd like both, it's really the lack of authentication that bothers me the most. I'm unfortunately not big on copious spare time, but I thought I would mention this here. Greg Troxel <gdt_at_ir.bbn.com> #!/bin/sh cd /coda find . -type d | while read d; do \ echo $d cfs la $d cfs la $d > $d/.save-acl-data ls -l $d/.save-acl-data doneReceived on 1999-11-02 12:09:26