Marco Gaiarin wrote:
> Ok, now my bacula setup are rather decent, next step enable TLS.
>
> I've looked at FAQ, HOWTOs, manual... but i've not found an answer to
> this question.
>
>
> Can i enable TLS without 'client' (fd) certificate, but only 'server'
> (dir) certificates, as usually done by SSL/TLS apps/protocols (https,
> ldaps, ...)?
>
> I think that the 'hash/password' is for me a sufficient
> security/identification measue, and i don't want to generate
> and deploy certificates for all the client.
>
> Speaking pratically: a setup like:
>
> bacula-dir.conf:
>
> Director {
> TLS Enable = yes
> TLS Required = yes
> TLS Verify Peer = no
> TLS CA Certificate File = /etc/ssl/certs/LNFFVG.pem
> TLS Certificate = /etc/ssl/certs/LNFFVGTrinity.pem
> TLS Key = /etc/ssl/private/LNFFVGTrinity.pem
> [...other non-TLS conf...]
>
>
> bacula-fd.conf
>
> Director {
> TLS Enable = yes
> TLS Required = yes
> TLS Verify Peer = yes
> TLS CA Certificate File = /etc/ssl/certs/LNFFVG.pem
> [...other non-TLS conf...]
I am pretty use you need a TLS Certificate on each client.
--
Dan Langille - http://www.langille.org/
BSDCan - The Technical BSD Conference: http://www.bsdcan.org/
-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
