-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Craig White @ 07/24/2011 10:14 AM:
> On Sun, 2011-07-24 at 09:29 -0700, scar wrote:
>> frankly i don't see why bconsole, which was able to be run fine under
>> normal user privileges, now needs to be run as root to access the
>> private key.
> ----
> bacula programs run as user/group bacula so user/group bacula must be
> able to read the key (and all ca/crt files too).
>
> Seems to me that I have always had to run bconsole as root but perhaps
> that's just the way I installed it.
>
well i simply added myself to the bacula group and that was enough to
read the bacula config files. so if i need to now run as root because
of the certs, so be it.
my certs now have the following permissions:
- -rw-r--r-- 1 root bacula 3195 2011-07-23 16:53 home1.crt
- -r-------- 1 bacula bacula 887 2011-07-23 16:53 home1.key
- -rw-r--r-- 1 root bacula 1359 2011-07-23 16:52 myca.crt
so bacula should be able to read them all now, yet i'm still getting the
same error `TLS negotiation failed` when trying to run bconsole.
it seems if i followed the guide that Mr. Walton posted[1] that
everything should be working, so maybe the problem is there? i pretty
much followed it to a tee. i created the directories, copied the
openssl config, etc. i followed the section "Create the CA Certificate
and Key" to create the myca.crt and myca.key, continued with the extra
configuration, and then followed the "Create a Server certificate"
section twice to generate my home1.{crt,key} and home2.{crt,key}. sorry
for being so clueless
1. http://www.g-loaded.eu/2005/11/10/be-your-own-ca/
-----BEGIN PGP SIGNATURE-----
iEYEAREIAAYFAk4ssVAACgkQXhfCJNu98qDYOQCdHK3rLXLRnhgh9U8WFmFNAV2U
UcMAmgI4OXKim6cIlqG3KjMtnfxi3mEy
=sm8J
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Magic Quadrant for Content-Aware Data Loss Prevention
Research study explores the data loss prevention market. Includes in-depth
analysis on the changes within the DLP market, and the criteria used to
evaluate the strengths and weaknesses of these DLP solutions.
http://www.accelacomm.com/jaw/sfnl/114/51385063/
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|