Mention that the MD4 password protection is weaker than

[rsync/rsync.git] / rsyncd.conf.yo

diff --git a/rsyncd.conf.yo b/rsyncd.conf.yo
index 665dcd3..3b05a3e 100644 (file)
--- a/rsyncd.conf.yo
+++ b/rsyncd.conf.yo
@@ -1,5 +1,5 @@
 mailto(rsync-bugs@samba.org)
 mailto(rsync-bugs@samba.org)

-manpage(rsyncd.conf)(5)(7 Jul 2005)()()
+manpage(rsyncd.conf)(5)(28 Jul 2005)()()

 manpagename(rsyncd.conf)(configuration file for rsync in daemon mode)
 manpagesynopsis()
 
 manpagename(rsyncd.conf)(configuration file for rsync in daemon mode)
 manpagesynopsis()
 


@@ -269,7 +269,7 @@ system. The usernames may also contain shell wildcard characters. If
 "auth users" is set then the client will be challenged to supply a
 username and password to connect to the module. A challenge response
 authentication protocol is used for this exchange. The plain text
 "auth users" is set then the client will be challenged to supply a
 username and password to connect to the module. A challenge response
 authentication protocol is used for this exchange. The plain text

-usernames are passwords are stored in the file specified by the
+usernames and passwords are stored in the file specified by the

 "secrets file" option. The default is for all users to be able to
 connect without a password (this is called "anonymous rsync").
 
 "secrets file" option. The default is for all users to be able to
 connect without a password (this is called "anonymous rsync").
 


@@ -458,7 +458,8 @@ dit(bf(pre-xfer exec), bf(post-xfer exec)) You may specify a command to be run
 before and/or after the transfer.  If the bf(pre-xfer exec) command fails, the
 transfer is aborted before it begins.
 
 before and/or after the transfer.  If the bf(pre-xfer exec) command fails, the
 transfer is aborted before it begins.
 

-The following environment variables are set for both commands:
+The following environment variables will be set, though some are
+specific to the pre-xfer or the post-xfer environment:

 
 quote(itemize(
   it() bf(RSYNC_MODULE_NAME): The name of the module being accessed.
 
 quote(itemize(
   it() bf(RSYNC_MODULE_NAME): The name of the module being accessed.


@@ -466,33 +467,29 @@ quote(itemize(
   it() bf(RSYNC_HOST_ADDR): The accessing host's IP address.
   it() bf(RSYNC_HOST_NAME): The accessing host's name.
   it() bf(RSYNC_USER_NAME): The accessing user's name (empty if no user).
   it() bf(RSYNC_HOST_ADDR): The accessing host's IP address.
   it() bf(RSYNC_HOST_NAME): The accessing host's name.
   it() bf(RSYNC_USER_NAME): The accessing user's name (empty if no user).

-))
-
-These environment variables will also be set for the bf(post-xfer exec)
-command:
-
-quote(itemize(
-  it() bf(RSYNC_EXIT_STATUS): rsync's exit value.  This will be 0 for a
+  it() bf(RSYNC_REQUEST): (pre-xfer only) The module/path info specified
+  by the user (note that the user can specify multiple source files,
+  so the request can be something like "mod/path1 mod/path2", etc.).
+  it() bf(RSYNC_EXIT_STATUS): (post-xfer only) rsync's exit value.  This will be 0 for a

   successful run, a positive value for an error that rsync returned
   (e.g. 23=partial xfer), or a -1 if rsync failed to exit properly.
   successful run, a positive value for an error that rsync returned
   (e.g. 23=partial xfer), or a -1 if rsync failed to exit properly.

-  it() bf(RSYNC_RAW_STATUS): the raw exit value from waitpid().
+  it() bf(RSYNC_RAW_STATUS): (post-xfer only) the raw exit value from waitpid().

 ))
 
 Even though the commands can be associated with a particular module, they
 are run using the permissions of the user that started the daemon (not the
 ))
 
 Even though the commands can be associated with a particular module, they
 are run using the permissions of the user that started the daemon (not the

-module's uid/gid setting) without any chroot restrictions (even if the
-module will/has run chroot()ed).
+module's uid/gid setting) without any chroot restrictions.

 
 enddit()
 
 manpagesection(AUTHENTICATION STRENGTH)
 
 The authentication protocol used in rsync is a 128 bit MD4 based
 
 enddit()
 
 manpagesection(AUTHENTICATION STRENGTH)
 
 The authentication protocol used in rsync is a 128 bit MD4 based

-challenge response system. Although I believe that no one has ever
-demonstrated a brute-force break of this sort of system you should
-realize that this is not a "military strength" authentication system.
-It should be good enough for most purposes but if you want really top
-quality security then I recommend that you run rsync over ssh.
+challenge response system. This is fairly weak protection, though (with
+at least one brute-force hash-finding algorithm publicly available), so
+if you want really top-quality security, then I recommend that you run
+rsync over ssh.  (Yes, a future version of rsync will switch over to a
+stronger hashing method.)

 
 Also note that the rsync daemon protocol does not currently provide any
 encryption of the data that is transferred over the connection. Only
 
 Also note that the rsync daemon protocol does not currently provide any
 encryption of the data that is transferred over the connection. Only


@@ -570,7 +567,7 @@ url(http://rsync.samba.org/)(http://rsync.samba.org/)
 
 manpagesection(VERSION)
 
 
 manpagesection(VERSION)
 

-This man page is current for version 2.6.6pre1 of rsync.
+This man page is current for version 2.6.6 of rsync.

 
 manpagesection(CREDITS)
 
 
 manpagesection(CREDITS)