Ok, now my bacula setup are rather decent, next step enable TLS. I've looked at FAQ, HOWTOs, manual... but i've not found an answer to this question.
Can i enable TLS without 'client' (fd) certificate, but only 'server' (dir) certificates, as usually done by SSL/TLS apps/protocols (https, ldaps, ...)? I think that the 'hash/password' is for me a sufficient security/identification measue, and i don't want to generate and deploy certificates for all the client. Speaking pratically: a setup like: bacula-dir.conf: Director { TLS Enable = yes TLS Required = yes TLS Verify Peer = no TLS CA Certificate File = /etc/ssl/certs/LNFFVG.pem TLS Certificate = /etc/ssl/certs/LNFFVGTrinity.pem TLS Key = /etc/ssl/private/LNFFVGTrinity.pem [...other non-TLS conf...] bacula-fd.conf Director { TLS Enable = yes TLS Required = yes TLS Verify Peer = yes TLS CA Certificate File = /etc/ssl/certs/LNFFVG.pem [...other non-TLS conf...] -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/ Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797 ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users