[Bacula-users] TLS Require = yes, ignored

Thu, 10 May 2007 06:46:24 -0700 

Hi,

I'm a Spanish computer science student and  I'm working on my thesis  which
is basically deploying Bacula for my school. I'm kinda desperate because my
due date is coming closer and closer and I'm stuck configuring TLS
communications. I really wish you could help with this...

I'm trying first to get bconsole and the director to communicate using tls.
So, I created all the certifications and set up my own CA following the
instructions at http://www.devco.net/pubwiki/Bacula/TLS. The PROBLEM I have
is that my director ignores the 'TLS Require = yes' directive. It even
permits communicating with my FD which has no TLS directives(if I do a
*status client on another machine that FD responds). Therefore, since I'm
not experienced and I don't know how to use a packet sniffer I have no way
to know if TLS is working.

Some other info that might be useful:
- OpenSuSE 10.2
- Bacula 2.0.2
- OpenSSL 0.9.8d
- Yes, I've got Bacula to work without TLS.



Here I include part of the config files:

*Note that I even disabled TLS on bconsole and STILL it connects to the
director

bconsole.conf
----------------------
Director {
 Name = canaan-dir
 DIRport = 9101
 address = canaan
 Password = "qLSoAnsFKtVxe1L22yeiVhuhmFPqs6DlgSbO25di5WV2"
 TLS Enable = no
 TLS Require = yes
 TLS CA Certificate File = /etc/bacula/tls/ca-cert.pem
 TLS Certificate = /etc/bacula/tls/canaan2.cert
 TLS Key = /etc/bacula/tls/canaan2.key
}

bacula-dir.conf
------------------------

Director {                            # define myself
 Name = canaan-dir
 DIRport = 9101                # where we listen for UA connections
 QueryFile = "/etc/bacula/query.sql"
 WorkingDirectory = "/var/bacula"
 PidDirectory = "/var/run"
 Maximum Concurrent Jobs = 1
 Password = "qLSoAnsFKtVxe1L22yeiVhuhmFPqs6DlgSbO25di5WV2"         #
Console password
 Messages = Daemon
 TLS Enable = yes
 TLS Require = yes
 TLS Verify Peer = yes
 TLS Allowed CN = "canaan"
 TLS CA Certificate File = /etc/bacula/tls/ca-cert.pem
 TLS Certificate = /etc/bacula/tls/canaan2.cert
 TLS Key = /etc/bacula/tls/canaan2.key
}

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to