Hi,

> my certs now have the following permissions:
>
> -rw-r--r-- 1 root   bacula 3195 2011-07-23 16:53 home1.crt
> -r-------- 1 bacula bacula  887 2011-07-23 16:53 home1.key
> -rw-r--r-- 1 root   bacula 1359 2011-07-23 16:52 myca.crt
>
> so bacula should be able to read them all now, yet i'm still getting the
> same error `TLS negotiation failed` when trying to run bconsole.
>
>
As you can see there, the only users on the system who can read home1.key
are root and bacula.

When you run bconsole, it runs as you, not as the bacula user.  The
_daemons_ run as root and/or bacula (depending on whether you're talking
about FD, SD, or DIR), but bconsole is just a client to the director.  If
you're logging in as "scar", change home1.key's permissions so that the
group can read it (mode 640) and add "scar" to the bacula group (note that
I'm not sure if bacula will complain about the key's permissions being too
loose, but it's quick to change back if so), or if the filesystem is mounted
with ACL support, just do a setfacl and allow the user "scar" to read the
file.

HTH,
Mark
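
The permission check behind this advice, as an added example that is not part of the original message or of Bacula: it models the owner/group/other read test for the user "scar" against the quoted `home1.key` listing, before and after the suggested change. The function names are hypothetical, `key_readable_by` assumes GNU `stat`, and ACL entries (the `setfacl` route) are not evaluated.

```sh
#!/bin/sh
# Added example (not from the original thread). Models the owner/group/other
# read check the kernel applies to a key file; POSIX ACLs are not evaluated.

# can_read MODE OWNER GROUP USER "USER_GROUPS"
# Prints the permission class that applies to USER (root, owner, group or
# other) and returns 0 if that class may read the file, 1 if not.
can_read() {
    mode=$1; owner=$2; group=$3; user=$4; user_groups=$5
    if [ "$user" = root ]; then
        echo root; return 0            # root bypasses the mode bits
    fi
    class=other; bit=0004
    if [ "$user" = "$owner" ]; then
        class=owner; bit=0400          # owner bits apply, even if group grants more
    else
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then class=group; bit=0040; break; fi
        done
    fi
    echo "$class"
    [ $(( 0$mode & $bit )) -ne 0 ]
}

# key_readable_by FILE USER: same check against a real file.
# Assumes GNU stat (-c) and that USER exists on this system.
key_readable_by() {
    set -- "$1" "$2" $(stat -c '%a %U %G' "$1")
    can_read "$3" "$4" "$5" "$2" "$(id -Gn "$2")"
}

# Constructed walk-through using the listing quoted above: user "scar"
# against home1.key (owner bacula, group bacula).
report() {
    if class=$(can_read "$2" bacula bacula scar "$3"); then verdict=readable
    else verdict="NOT readable"; fi
    printf '%-28s class=%-5s %s\n' "$1" "$class" "$verdict"
}
report "mode 400, scar not in group" 400 "scar"
report "mode 640, scar not in group" 640 "scar"
report "mode 640, scar in bacula"    640 "scar bacula"
```

Group membership added with a tool such as `usermod` only takes effect in a new login session, so `id -Gn` run in an old shell can differ from what a fresh bconsole process would get.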
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users