Ok, now my bacula setup are rather decent, next step enable TLS.
I've looked at FAQ, HOWTOs, manual... but i've not found an answer to
this question.
Can i enable TLS without 'client' (fd) certificate, but only 'server'
(dir) certificates, as usually done by SSL/TLS apps/protocols (https,
ldaps, ...)?
I think that the 'hash/password' is for me a sufficient
security/identification measue, and i don't want to generate
and deploy certificates for all the client.
Speaking pratically: a setup like:
bacula-dir.conf:
Director {
TLS Enable = yes
TLS Required = yes
TLS Verify Peer = no
TLS CA Certificate File = /etc/ssl/certs/LNFFVG.pem
TLS Certificate = /etc/ssl/certs/LNFFVGTrinity.pem
TLS Key = /etc/ssl/private/LNFFVGTrinity.pem
[...other non-TLS conf...]
bacula-fd.conf
Director {
TLS Enable = yes
TLS Required = yes
TLS Verify Peer = yes
TLS CA Certificate File = /etc/ssl/certs/LNFFVG.pem
[...other non-TLS conf...]
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797
-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
