On 05/05/2015 10:18 PM, Craig Shiroma wrote:
> Hi Romeo,
>
> Thanks!  Just so I understand correctly...
> The bacula-fd running on the clients communicate with the bacula server using
> the password in client's bacula-fd.conf.  This authentication on the "wire" is
> actually encrypted.  Is this correct?
>
> -craig

Hi Craig,

Keep in mind that all of the actual backup data and other communications is
unencrypted unless TLS between daemons is configured in Bacula: DIR->SD,
DIR->FD, FD->SD, bconsole->DIR, (and SD->FD in the case of SD calls Client)

One simple method to encrypt communications between daemons is to use an
excellent open-source tool called "stunnel" (documented in the Bacula misc.pdf
manual)

Depending on your requirements, stunnel, a VPN (IPsec, OpenVPN or other), ssh
tunnels, or a full-blown TLS deployment are all possible options to secure
Bacula's daemon<-->daemon communications.

Some are more complex and time consuming to implement than others, but may be
more (verifiably) secure, so these considerations need to be a part of the
requirements discussion. :)

Bill



--
Bill Arlofski
Reverse Polarity, LLC
http://www.revpol.com/
-- Not responsible for anything below this line --

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users