Re: [Bacula-users] client/server passwords
2015-05-06 21:12:21
On 05/05/2015 10:18 PM, Craig Shiroma wrote:
> Hi Romeo,
>
> Thanks! Just so I understand correctly...
> The bacula-fd running on the clients communicate with the bacula server using
> the password in client's bacula-fd.conf. This authentication on the "wire" is
> actually encrypted. Is this correct?
>
> -craig
Hi Craig,
Keep in mind that all of the actual backup data and other communications is
unencrypted unless TLS between daemons is configured in Bacula: DIR->SD,
DIR->FD, FD->SD, bconsole->DIR, (and SD->FD in the case of SD calls Client)
One simple method to encrypt communications between daemons is to use an
excellent open-source tool called "stunnel" (documented in the Bacula misc.pdf
manual)
Depending on your requirements, stunnel, a VPN (IPsec, OpenVPN or other), ssh
tunnels, or a full-blown TLS deployment are all possible options to secure
Bacula's daemon<-->daemon communications.
Some are more complex and time consuming to implement than others, but may be
more (verifiably) secure, so these considerations need to be a part of the
requirements discussion. :)
Bill
--
Bill Arlofski
Reverse Polarity, LLC
http://www.revpol.com/
-- Not responsible for anything below this line --
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Bacula-users] client/server passwords, Craig Shiroma
- Re: [Bacula-users] client/server passwords, Romeo Theriault
- Re: [Bacula-users] client/server passwords, Craig Shiroma
- Re: [Bacula-users] client/server passwords, Romeo Theriault
- Re: [Bacula-users] client/server passwords,
Bill Arlofski <=
- Re: [Bacula-users] client/server passwords, Craig Shiroma
- Re: [Bacula-users] client/server passwords, Alex Domoradov
- Re: [Bacula-users] client/server passwords, Dimitri Maziuk
- Re: [Bacula-users] client/server passwords, Alex Domoradov
- Re: [Bacula-users] client/server passwords, Dimitri Maziuk
- Re: [Bacula-users] client/server passwords, Alex Domoradov
- Re: [Bacula-users] client/server passwords, Dimitri Maziuk
- Re: [Bacula-users] client/server passwords, Alex Domoradov
- Re: [Bacula-users] client/server passwords, Dimitri Maziuk
- Re: [Bacula-users] client/server passwords, Dimitri Maziuk
|
|
|