-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sergio Gelato wrote:
> * Ryan Novosielski [2008-08-17 00:54:44 -0400]:
>> However, my question is about whether or not the CN's have to match the
>> DNS name. It appears as if they do. 
> 
> For server certificates, yes. For client certificates, no. The "TLS
> Allowed CN" configuration directive is meant to apply to client
> certificates.

One last question should fix me up -- which counts as a client? Just
bconsole, or some of the other connections as well?

>> In that case, though, it is curious
>> to me why some of the examples that Landon has in the manual have
>> Allowed CN = bacula AT example.whatever DOT com, since no host name will ever
>> have bacula@anything in it. Perhaps that was only for the console, which
>> maybe does not have this restriction. Not sure.

- --
 ---- _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |novosirj AT umdnj DOT edu - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIqNVlmb+gadEcsb4RAn80AKDEC3gtUtLRkHrelSPhzjmJIaONSgCgy8Vh
/HrZZaXoanc1ttUUgUWPNhQ=
=I3J1
-----END PGP SIGNATURE-----

novosirj.vcf
Description: Vcard

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users