Hi,
my certs now have the following permissions:
- -rw-r--r-- 1 root bacula 3195 2011-07-23 16:53 home1.crt
- -r-------- 1 bacula bacula 887 2011-07-23 16:53 home1.key
- -rw-r--r-- 1 root bacula 1359 2011-07-23 16:52 myca.crt
so bacula should be able to read them all now, yet i'm still getting the
same error `TLS negotiation failed` when trying to run bconsole.
As you can see there, the only users on the system who can read home1.key are root and bacula.
When you run bconsole, it runs as you, not as the bacula user. The _daemons_ run as root and/or bacula (depending on whether you're talking about FD, SD, or DIR), but bconsole is just a client to the director. If you're logging in as "scar", change home1.key's permissions so that the group can read it (mode 640) and add "scar" to the bacula group (note that I'm not sure if bacula will complain about the key's permissions being too lose, but it's quick to change back if so), or if the filesystem is mounted with ACL support, just do a setfacl and allow the user "scar" to read the file.
HTH, Mark
------------------------------------------------------------------------------
Storage Efficiency Calculator
This modeling tool is based on patent-pending intellectual property that
has been used successfully in hundreds of IBM storage optimization engage-
ments, worldwide. Store less, Store more with what you own, Move data to
the right place. Try It Now! http://www.accelacomm.com/jaw/sfnl/114/51427378/ _______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|