almir

TLS support

Open matthijs opened this issue 12 years ago • 8 comments

Hello,

We require TLS in Bacula, also for the bconsole client. It seems that there is no support for TLS; it would be nice if that could be implemented.

Regards,

Matthijs Möhlmann

matthijs avatar May 05 '12 19:05 matthijs

Can you point me to configuration sample and documentation for it?

domenkozar avatar May 12 '12 16:05 domenkozar

On 12 May 2012, at 18:41, Domen Kožar wrote:

> Can you point me to configuration sample and documentation for it?


Hello,

Of course: http://bacula.org/5.2.x-manuals/en/main/main/Bacula_TLS_Communications.html

The above documentation also applies to the console configuration. Look at the bacula-fd.conf for an example.

If you need some help with setting up a CA, let me know and I'll add a step-by-step guide on how to create this and how you can sign specific certificates.

In the other mail you asked for sponsoring. In what way do you want sponsoring? I can help with testing, or even help a bit with coding. (I am a programmer myself.)

Regards,

Matthijs Möhlmann

matthijs avatar May 13 '12 10:05 matthijs

Interesting that this is not mentioned anywhere for bconsole.conf. I will accept this for 0.2 and let you know when I need your help. Thanks for the report!

domenkozar avatar May 20 '12 21:05 domenkozar

Hey @matthijs, could you describe the steps to set up bconsole with TLS? Thanks!

domenkozar avatar Aug 27 '12 17:08 domenkozar

Hello,

Here is the configuration file as I use it for bconsole.

# Bacula User Agent (or Console) Configuration File
Director {
    Name = bacula-director
    DIRport = 9101
    address = bacula-server
    Password = "some random password"

    # TLS
    TLS Enable = yes
    TLS Require = yes
    TLS CA Certificate File = /etc/bacula/ssl/cacert.pem

    # Bconsole client certificate
    TLS Certificate = /etc/bacula/ssl/bconsole.crt
    TLS Key = /etc/bacula/ssl/bconsole.key
}

Of course the Director config should have configuration for TLS communication. I have a CA which I use to sign all hosts that use our backup system.

I looked into the code and I think some extra options should be added to the buildout.cfg: director_tlsenable, director_tlsrequire, director_tlscacertificate, director_certificate, director_privatekey.

After that, adjust the buildout.d/bconsole.conf.in to reflect the changes. I can create a patch for you if you want.

Regards,

Matthijs Möhlmann

matthijs avatar Oct 24 '12 06:10 matthijs
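
A check that could be run over a generated bconsole.conf before it is deployed, as an added example that is not part of the original thread or of almir's code. It goes slightly beyond the posted configuration by flagging incomplete TLS settings; the function names `parse_resource` and `lint_tls` are hypothetical, and the sample input is constructed from the configuration posted above.

```python
import re

# Constructed sample: the posted Director resource minus TLS Require and TLS Key.
SAMPLE = """\
Director {
    Name = bacula-director
    DIRport = 9101
    address = bacula-server
    Password = "some random password"
    TLS Enable = yes
    TLS CA Certificate File = /etc/bacula/ssl/cacert.pem
    TLS Certificate = /etc/bacula/ssl/bconsole.crt
}
"""

def parse_resource(text, resource="Director"):
    """Return {directive: value} for the first `resource { ... }` block.
    Keys are lowercased with spaces removed (Bacula ignores both in names)."""
    m = re.search(r"^\s*%s\s*\{(.*?)^\s*\}" % re.escape(resource),
                  text, re.I | re.M | re.S)
    if not m:
        raise ValueError("no %s resource found" % resource)
    directives = {}
    for line in m.group(1).splitlines():
        line = line.strip()
        # Assumption: only whole-line '#' comments, one directive per line.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        directives[re.sub(r"\s+", "", key).lower()] = value.strip().strip('"')
    return directives

def lint_tls(d):
    """Return a list of problems with the console's TLS settings."""
    def on(name):
        return d.get(name, "no").lower() in ("yes", "true")
    issues = []
    if not on("tlsenable"):
        issues.append("TLS Enable is off: console traffic is sent in cleartext")
    if not on("tlsrequire"):
        issues.append("TLS Require is off: the console may connect without TLS")
    if not ({"tlscacertificatefile", "tlscacertificatedir"} & d.keys()):
        issues.append("no CA certificate configured to verify the Director")
    if ("tlscertificate" in d) != ("tlskey" in d):
        issues.append("TLS Certificate and TLS Key must be set together")
    return issues

if __name__ == "__main__":
    for issue in lint_tls(parse_resource(SAMPLE)):
        print("WARN:", issue)
```
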

Awesome. I'll try to find time to implement this, otherwise I'm happy to see a patch :)

domenkozar avatar Oct 24 '12 10:10 domenkozar

Off-topic: how can I add 'code attached', as seen in Issue 35?

matthijs avatar Oct 24 '12 10:10 matthijs

You fork the repository, commit the code, and then click "pull request" on GitHub to create a code review.

domenkozar avatar Oct 24 '12 10:10 domenkozar