Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] need help (step by step) for setting up certificates

2011-07-24 13:17:07
Subject: Re: [Bacula-users] need help (step by step) for setting up certificates
From: Craig White <craigwhite AT azapple DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Sun, 24 Jul 2011 10:14:23 -0700 
On Sun, 2011-07-24 at 09:29 -0700, scar wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Ben Walton @ 07/24/2011 05:22 AM:
> > Excerpts from scar's message of Sun Jul 24 00:12:30 -0400 2011:
> > 
> >> so i tried adding `TLS Allowed CN = "home1"` and still get the same
> >> error.  however, i tried using the `-d 99` switch for bconsole and
> >> it reveals something helpful:
> > 
> > You need to make sure that this parameter exactly matches what the
> > certificate contains.  Maybe you didn't enter a fqdn for the CN in the
> > cert?  If so, the value is ok.  Otherwise, you should qualify it.
> > 
> >> i tried running bconsole as root so it could read the private key.
> >> is that necessary?  if not then can i comment out the `TLS Key`
> >> directive from bconsole.conf?  either way it's still not working:
> > 
> > Can you run this under strace?  It would be useful to see what files
> > bconsole is opening and stating.  The director side of this could also
> > be foiling you here too.  Attache strace (or whatever is appropriate
> > for your platform) to the running director when you try to attach
> > bconsole would be good too.
> 
> guys you really need to be more specific with me.  do you want me to run
> `strace bconsole` or what?
> 
> frankly i don't see why bconsole, which was able to be run fine under
> normal user privileges, now needs to be run as root to access the
> private key.
----
bacula programs run as user/group bacula so user/group bacula must be
able to read the key (and all ca/crt files too).

Seems to me that I have always had to run bconsole as root but perhaps
that's just the way I installed it.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


------------------------------------------------------------------------------
Magic Quadrant for Content-Aware Data Loss Prevention
Research study explores the data loss prevention market. Includes in-depth
analysis on the changes within the DLP market, and the criteria used to
evaluate the strengths and weaknesses of these DLP solutions.
http://www.accelacomm.com/jaw/sfnl/114/51385063/
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] need help (step by step) for setting up certificates, scar
Next by Date:  Re: [Bacula-users] Where to stuff bacula hints/tricks/documentation?, Dan Langille
Previous by Thread:  Re: [Bacula-users] need help (step by step) for setting up certificates, scar
Next by Thread:  Re: [Bacula-users] need help (step by step) for setting up certificates, scar
Indexes:  [Date] [Thread] [Top] [All Lists]