Hello Ana,

I have not followed this thread in detail, but if the user wants more security in verifying the FD, it is possible to enable TLSAuthentication without enabling TLS on transmitted data, and in that case, in addition to the regular MD5 authentication Bacula will do TLSAuthentication but then not use TLS for the rest of the data transmission.

Best regards,
Kern

On 15-09-23 04:27 PM, Ana Emília M. Arruda wrote:
Complementing my previous post, MD5 and SHA1 do not make use of pki signatures from bacula crypto lib. They are hashes used for integrity verification and not for authenticity verification.

Best regards,
Ana

On Wed, Sep 23, 2015 at 3:45 PM, Ana Emília M. Arruda <emiliaarr...@gmail.com> wrote:

    Hello Markus,

    I'm quite sure that it is not possible to have pki signature
    without pki encryption. You can have computation of MD5 and SHA1
    signature of the file if configured in your FileSet. When dealing
    with pki signatures, this works only when you use pki encryption.
    I mean, the encrypted data at file daemon is signed before sent to
    storage daemon.

    Best regards,
    Ana

    On Wed, Sep 23, 2015 at 5:30 AM, Markus Falb <markus.f...@fasel.at> wrote:

        Hello Bacula Users,

        I am trying pki signatures with pki encryption off.
        In my fd config I have

        FileDaemon {
                Name = x-fd
                ...
                pki signatures = yes
                pki encryption = no
                pki keypair = /etc/pki/tls/private/x-fd.pem # with CN=x-fd
        }

        I have a second machine y-fd with equivalent config.

        I make a Backup of x-fd.

        I do a restore of this backup but I change the restore host to
        y-fd, and it works, and that surprises me because y-fd should not
        be able to verify the signature made with the private key from
        x-fd, it does not know the public key of x-fd, right?

        I wonder how this is supposed to work.
        +
        I don't even know if a signature was made in the first place
        and how to verify that.

        --
        Kind Regards, Markus Falb


        
        _______________________________________________
        Bacula-users mailing list
        Bacula-users@lists.sourceforge.net
        https://lists.sourceforge.net/lists/listinfo/bacula-users
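
The TLS-authentication-only setup Kern describes at the top of this thread, as an added configuration sketch that is not part of the original messages. The Director name, hostnames, password and certificate paths are placeholders (assumptions); the directives are Bacula's standard TLS directives, and only the TLS-relevant part of each resource is shown.

```conf
# bacula-fd.conf on the client x-fd: the Director resource.
# The FD is the TLS server for connections coming from the Director.
Director {
  Name = example-dir                            # placeholder Director name
  Password = "CHANGE_ME"                        # placeholder; CRAM-MD5 authentication is still performed
  TLS Enable = yes
  TLS Require = yes                             # refuse peers that do not negotiate TLS
  TLS Authenticate = yes                        # TLS used for authentication only; the rest of the session is not encrypted
  TLS Verify Peer = yes                         # request and verify the Director's certificate
  TLS Allowed CN = "example-dir.example.org"    # placeholder CN expected in the Director's certificate
  TLS CA Certificate File = /etc/bacula/tls/ca.pem   # placeholder path
  TLS Certificate = /etc/bacula/tls/x-fd.crt         # placeholder path
  TLS Key = /etc/bacula/tls/x-fd.key                 # placeholder path
}

# bacula-dir.conf: the Client resource for x-fd.
# The Director is the TLS client here and checks the FD's certificate against the CA.
Client {
  Name = x-fd
  Address = x-fd.example.org                    # placeholder hostname
  Password = "CHANGE_ME"                        # placeholder; must match the FD side
  TLS Enable = yes
  TLS Require = yes
  TLS Authenticate = yes                        # same authentication-only mode on the Director side
  TLS CA Certificate File = /etc/bacula/tls/ca.pem   # placeholder path
  TLS Certificate = /etc/bacula/tls/example-dir.crt  # placeholder path; presented because the FD verifies its peer
  TLS Key = /etc/bacula/tls/example-dir.key          # placeholder path
  # remaining Client directives unchanged
}
```

This authenticates the daemons to each other with certificates; it does not sign or encrypt the backed-up data itself.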




