- added some notes about encryption and authentication to the man

pages

- documented the RSYNC_PASSWORD environment variable

2 files changed, 22 insertions, 0 deletions

diff --git a/rsync.yo b/rsync.yo
index 008bdda8..34d95003 100644
--- a/rsync.yo
+++ b/rsync.yo
@@ -139,6 +139,11 @@ itemize(
 	list of accessible paths on the server will be shown.
 )
 
+Some paths on the remote server may require authentication. If so then
+you will receive a password prompt when you connect. You can avoid the
+password prompt by setting the environment variable RSYNC_PASSWORD to
+the password you want to use. This may be useful when scripting rsync.
+
 manpagesection(RUNNING AN RSYNC SERVER)
 
 An rsync server is configured using a config file which by default is
diff --git a/rsyncd.conf.yo b/rsyncd.conf.yo
index a7843670..8b741b0b 100644
--- a/rsyncd.conf.yo
+++ b/rsyncd.conf.yo
@@ -227,6 +227,23 @@ The default is no "hosts deny" option, which means all hosts can connect.
 
 enddit()
 
+manpagesection(AUTHENTICATION STRENGTH)
+
+The authentication protocol used in rsync is a 128 bit MD4 based
+challenge response system. Although I believe that no one has ever
+demonstrated a brute-force break of this sort of system you should
+realise that this is not a "military strength" authentication system.
+It should be good enough for most purposes but if you want really top
+quality security then I recommend that you run rsync over ssh.
+
+Also note that the rsync server protocol does not currently provide any
+encryption of the data that is transferred over the link. Only
+authentication is provided. Use ssh as the transport if you want
+encryption.
+
+Future versions of rsync may support SSL for better authentication and
+encryption, but that is still being investigated.
+
 manpagesection(EXAMPLES)
 
 A simple rsyncd.conf file that allow anonymous rsync to a ftp area at