Bacula-users

Re: [Bacula-users] need help (step by step) for setting up certificates

2011-07-24 19:59:43
From: scar <scar AT drigon DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Sun, 24 Jul 2011 16:57:05 -0700

Craig White @ 07/24/2011 10:14 AM:
> On Sun, 2011-07-24 at 09:29 -0700, scar wrote:
>> frankly i don't see why bconsole, which was able to be run fine under
>> normal user privileges, now needs to be run as root to access the
>> private key.
> ----
> bacula programs run as user/group bacula so user/group bacula must be
> able to read the key (and all ca/crt files too).
> 
> Seems to me that I have always had to run bconsole as root but perhaps
> that's just the way I installed it.
> 

well i simply added myself to the bacula group and that was enough to
read the bacula config files.  so if i need to now run as root because
of the certs, so be it.

my certs now have the following permissions:

-rw-r--r-- 1 root   bacula 3195 2011-07-23 16:53 home1.crt
-r-------- 1 bacula bacula  887 2011-07-23 16:53 home1.key
-rw-r--r-- 1 root   bacula 1359 2011-07-23 16:52 myca.crt

so bacula should be able to read them all now, yet i'm still getting the
same error `TLS negotiation failed` when trying to run bconsole.

it seems if i followed the guide that Mr. Walton posted[1] that
everything should be working, so maybe the problem is there?  i pretty
much followed it to a tee.  i created the directories, copied the
openssl config, etc.  i followed the section "Create the CA Certificate
and Key" to create the myca.crt and myca.key, continued with the extra
configuration, and then followed the "Create a Server certificate"
section twice to generate my home1.{crt,key} and home2.{crt,key}.  sorry
for being so clueless


1. http://www.g-loaded.eu/2005/11/10/be-your-own-ca/

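Added example, not part of the original message: it applies the standard Unix owner/group/other read rule to the `ls -l` listing in the post to show which accounts can read each certificate file. The helper names and the group memberships are assumptions drawn from the thread, and POSIX ACLs are ignored.

```python
# Constructed input: the three `ls -l` lines from the message, PGP dash-escaping removed.
LISTING = """\
-rw-r--r-- 1 root   bacula 3195 2011-07-23 16:53 home1.crt
-r-------- 1 bacula bacula  887 2011-07-23 16:53 home1.key
-rw-r--r-- 1 root   bacula 1359 2011-07-23 16:52 myca.crt
"""

# Accounts named in the thread; the group memberships are assumptions based on it
# ("i simply added myself to the bacula group").
ACCOUNTS = {
    "root": {"root"},
    "bacula": {"bacula"},
    "scar": {"scar", "bacula"},
}


def parse_ls_line(line):
    """Return (mode, owner, group, name) from one `ls -l` line."""
    fields = line.split()
    if len(fields) < 8 or len(fields[0]) < 10:
        raise ValueError("not an ls -l line: %r" % line)
    return fields[0], fields[2], fields[3], fields[-1]


def can_read(mode, owner, group, user, user_groups):
    """Unix read check: exactly one permission class is consulted.

    root bypasses the mode bits; otherwise the owner class applies if the
    user owns the file, else the group class if the user is a member, else
    the "other" class. The classes are never combined.
    """
    if user == "root":
        return True
    if user == owner:
        return mode[1] == "r"
    if group in user_groups:
        return mode[4] == "r"
    return mode[7] == "r"


def access_report(listing, accounts):
    """Map file name -> {account: can it read the file?}."""
    report = {}
    for line in listing.splitlines():
        if line.strip():
            mode, owner, group, name = parse_ls_line(line)
            report[name] = {user: can_read(mode, owner, group, user, groups)
                            for user, groups in accounts.items()}
    return report


if __name__ == "__main__":
    for name, result in access_report(LISTING, ACCOUNTS).items():
        print(name, result)
```

With the listing as posted, membership in the `bacula` group grants read access to both `.crt` files but not to `home1.key`, which only its owner `bacula` (and root) can read.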