> On 12/18/2015 06:46 PM, H. Steuer wrote:
>> Hello Kern,
>>
>> thanks for your comment. Probably I did not understand the security model of
>> Bacula so far. Furthermore, you misread my post. The point is not anybody
>> having root access to the Bacula server - that's absolutely not the case.
>> And there are just very few users with root access on servers. But let's
>> assume an administrator that manages mail servers only has root privileges
>> on his mail servers (not on any other machine, just his few mail servers).
>>
>> This mail server has a file daemon configuration locally where the director
>> password is stored. That's necessary for the director to connect to this
>> particular client. So far so good. For my understanding, and please correct
>> me if I'm wrong, I can use the same password that is part of the file daemon
>> configuration in the bconsole.conf to gain anonymous console.
>>
>> So an evil administrator could read the password out of the bacula-fd.conf,
>> install bconsole and create just a bconsole.conf with the same password he
>> extracted from the bacula-fd.conf.
>>
>> Probably I just missed the point here and my assumption is wrong. At least my
>> local tests confirmed that this is the case.
>>
>> Can you please leave a comment on this?
>
> Yes, you have very likely "misconfigured" your File Daemon. In the Director
> resource of the FD, you should put the password that is in the Client resource
> of the bacula-dir.conf file and definitely not the password that is in the
> Director resource of the bacula-dir.conf file. It may seem a bit confusing at
> the beginning, but the FD Director resource should have the password that the
> Director will use when connecting to the Client (i.e. the bacula-dir.conf
> Client password).

Maybe an illustration can help: http://bacula.us/conf-diagram/

Regards,
===========================================================================
Heitor Medrado de Faria - LPIC-III | ITIL-F | Bacula Systems Certified Administrator II
Do you need Bacula training? http://bacula.us/video-classes/
+55 61 8268-4220
Site: http://bacula.us FB: heitor.faria
===========================================================================
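A check for the password mix-up discussed in this thread, as an added example that is not part of the original messages or of Bacula's own tooling: it parses a constructed bacula-dir.conf and bacula-fd.conf and flags any Client resource or File Daemon that holds the Director's console password. Resource names, hosts and passwords are placeholders, and the parser is a simplification that assumes flat resources with one directive per line.

```python
import re

# Constructed sample files; names and passwords are placeholders, not from the thread.
DIR_CONF = """
Director {
  Name = bacula-dir
  # Console password: the one bconsole.conf must present
  Password = "CONSOLE-PW"
}
Client {
  Name = mail-fd
  Address = mail.example.org
  Password = "MAIL-FD-PW"
}
Client {
  Name = web-fd
  Address = web.example.org
  Password = "CONSOLE-PW"
}
"""
FD_GOOD = 'Director {\n  Name = bacula-dir\n  Password = "MAIL-FD-PW"\n}\n'
FD_BAD = 'Director {\n  Name = bacula-dir\n  Password = "CONSOLE-PW"\n}\n'

def resources(text):
    """Yield (type, directives) for flat resources, one directive per line."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)  # drop full-line comments
    for rtype, body in re.findall(r"(\w+)\s*\{([^{}]*)\}", text):
        pairs = re.findall(r'(?m)^\s*(\w[\w ]*?)\s*=\s*"?(.*?)"?\s*$', body)
        # Bacula keywords are case-insensitive and ignore embedded spaces.
        yield rtype.lower(), {k.replace(" ", "").lower(): v for k, v in pairs}

def console_passwords(dir_conf):
    """Passwords of the Director resource(s) in bacula-dir.conf."""
    return {d["password"] for t, d in resources(dir_conf)
            if t == "director" and "password" in d}

def clients_reusing_console_password(dir_conf):
    """Names of Client resources whose password equals the console password."""
    console = console_passwords(dir_conf)
    return [d.get("name") for t, d in resources(dir_conf)
            if t == "client" and d.get("password") in console]

def fd_exposes_console_password(dir_conf, fd_conf):
    """True if the FD's Director resource stores the Director's console password."""
    console = console_passwords(dir_conf)
    return any(t == "director" and d.get("password") in console
               for t, d in resources(fd_conf))

if __name__ == "__main__":
    print(clients_reusing_console_password(DIR_CONF))
    print(fd_exposes_console_password(DIR_CONF, FD_GOOD))
    print(fd_exposes_console_password(DIR_CONF, FD_BAD))
```

Running the first check on the Director alone is enough to find affected clients, since a File Daemon can only work with the console password if its Client resource in bacula-dir.conf uses it too.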