Hi,
I'm having troubles configuring tls communications. I think I have done all
the certification alright using
http://www.devco.net/pubwiki/Bacula/TLSinstructions. I'm first trying
to get bconsoe<->dir connection to use tls. I
have my configuration files as show below and seems to work fine, but it
ignores the 'TLS Require = yes' because I haven't set TLS directives in any
other configuration file and everything seems to work "fine". For my
understanding it shouldn't let me do a *status client in bconsole, right?
because my FD isn't using TLS. How can I get Director to truly reject any
non TLS communications?
Even if i put TLS Enable = no in bconsole.conf I can still connect to the
Director.
Here is the rest of the information:
- I'm using bacula 2.0.2
- I used the --with-openssl configuration option and worked fine
- openSuse 10.2
- I followed the instructions at http://www.devco.net/pubwiki/Bacula/TLS
###############
#bacula-dir.conf:#
##############
Director {
TLS Enable = yes
TLS Require = yes
TLS Verify Peer = yes
TLS Allowed CN = "canaan"
TLS CA Certificate File = /etc/bacula/tls/ca-cert.pem
TLS Certificate = /etc/bacula/tls/canaan2.cert
TLS Key = /etc/bacula/tls/canaan2.key
}
##############
#bconsole.conf:#
##############
Director {
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = /etc/bacula/tls/ca-cert.pem
TLS Certificate = /etc/bacula/tls/canaan2.cert
TLS Key = /etc/bacula/tls/canaan2.key
}
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
