Hi,

14.09.2007 22:55, Mike Mestnik wrote:
> On Fri, Sep 14, 2007 at 08:27:47PM +0200, Arno Lehmann wrote:
>> Hi,
>>
>> 14.09.2007 20:21, Frank Sweetser wrote:
>>> Arno Lehmann wrote:
>>>
>>>> Whatever you like... For these purposes - well-defined usage, and the 
>>>> clients need to be set up for this particular server anyway - I think 
>>>> self-signed certificates are absolutely ok. Of course, if you already 
>>> Nope - I found out while setting it up that Bacula will not work exclusively
>>> with self-signed certs.  A self signed CA is okay, but everyone at both ends
>>> has to be signed by a trusted CA.
>> Erm... yes. Actually, that's what I was trying to say. Thanks.
>> In fact, without a common instance to trust, the whole certificate 
>> stuff is more or less useless and becomes only a more complicated 
>> setup of shared secrets (more or less).
>>
> I think this is the reason I just jumped right into using ssh.

Well, then we should point out that a public key infrastructure is 
definitely something that needs some planning, good maintenance, and a 
structured environment and thus is probably suitable for larger 
organizations that use PKI and their own CA anyway.

>  BTW,
> is there any reason to have an FD running all the time on clients?

No, you just have to make sure the FD runs when it's needed. For 
example, you might have a "Client Run Before Job" script that starts 
the FD and a script to shut it down after your jobs are run.

The FD doesn't require many resources when unused, though, and running 
it with tcp wrappers or behind a firewall should take care of most 
security issues.

Arno


-- 
Arno Lehmann
IT-Service Lehmann
www.its-lehmann.de
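
The distinction discussed in this thread (a self-signed CA is fine, but each end's certificate has to be signed by a CA the other end trusts), shown with the openssl CLI. This is an added example, not part of the original message and not Bacula configuration; the host names, subject names and file names are constructed placeholders.

```shell
#!/bin/sh
# Constructed demo PKI: one self-signed CA, two CA-signed end certificates,
# and one standalone self-signed certificate for contrast.

make_pki() {
    dir=$1
    # Self-signed CA: the common trust anchor both ends are configured with.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Backup CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1

    # One key, CSR and CA-signed certificate per daemon (placeholder names).
    for host in director.example fd.example; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
            -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$host.csr" -days 30 \
            -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
            -out "$dir/$host.pem" 2>/dev/null || return 1
    done

    # A certificate that signs itself and is unknown to the CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=lonely.example" \
        -keyout "$dir/lonely.example.key" -out "$dir/lonely.example.pem" \
        2>/dev/null || return 1
}

# Succeeds only if certificate $2 chains to the CA file $1.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo run: build the PKI in a temporary directory and report each result.
tmp=$(mktemp -d) && make_pki "$tmp" &&
for c in director.example fd.example lonely.example; do
    if chains_to_ca "$tmp/ca.pem" "$tmp/$c.pem"; then
        echo "$c: accepted by peers trusting ca.pem"
    else
        echo "$c: rejected (no path to the trusted CA)"
    fi
done
rm -rf "$tmp"
```

Only `ca.pem` needs to be distributed to every machine; the CA's private key stays off the clients.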

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
