On Friday 28 April 2006 09:54, Silver Salonen wrote:
> Hi.
>
> I'm trying to get the overall picture about communication process of
> director, file- and storage-daemon.
>
> I've read the developers' guide and now I know that director tells
> file-daemons to contact with storage daemon. In the SD part there's written
> about SD's append requests: "A data append session is opened with the Job
> ID given by JobId with client password (if required) ..."
> The question is - who tells storage-daemon to require client's password and
> if it gets the client's password, what will it do with it? I don't see any
> options for SD to verify client's password somehow..
Clients don't know anything about Storage daemons, because all the information
is contained in the Director. So, when the Director creates a Job, it
contacts the SD, which passes back a one time "shared secret" (a hash key).
This key is then passed to the FD along with the address and port (if I
remember right) for the SD. The SD is then waiting for the FD to contact it,
and when it does, they both do the standard double CRAM-MD5 authentication
(each validatest the other) using the one time "shared secret".
There is a perhaps a very small security hole here where someone could snoop
the line and pick up the shared secret, then open a connection with the SD
before the FD does so. However, the read FD would notice this problem and
inform the Director, who will then tell the SD to cancel the job. In
addition, if you use lib wrappers and allow only valid Clients to access the
SD, there is no security problem at all.
If this "very small security hole" bothers someone, it would be rather trivial
to fix (and I would be happy the have someon submit code for this). When the
Director creates the job with the SD, it could pass the IP address of the
Client who will contact the SD. Then when the SD is contacted by the FD, it
could check both the shared secret and the IP address.
>
> Another similar question is about encryption. Who tells client whether it
> should encrypt the communication with SD if SD is configured with "TLS
> Enable = yes" and "TLS Require = no"?
It is in the client conf file from what I remember, but there are better
experts on this subject than I am ...
>
> I'm just trying to get a picture about security of some backup-products :)
>
It would be very interesting to hear the results of your survey ...
--
Best regards,
Kern
(">
/\
V_V
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
