On 8 Mar 2006 at 19:33, Andreas Aronsson wrote:
>
>
> Dan Langille wrote:
>
> and bacula-fd.conf:
>
> # List Directors who are permitted to contact this File
> daemon
>
> #
>
>   ;
> Director {
> Name = xxxxx-dir
> .....
>
> TLS Require = yes
> TLS Verify Peer = no
>
>
> shouldn't this be yes? It is for me.
>
>
> Changed to yes, same result...
>
> # Allow only the Director to
> connect
>
>
> TLS Allowed CN = "this.example.cxx"
>
>
> This must be the director. is it?
>
>
> put in the director ( the hostname, tried with fully qualified as well
> as the short version) all at once. I got a list with Allowed CN's
> now...
>
>
> TLS CA Certificate File = /etc/ssl/certs/cacert.org.pem
> # This is a server certificate. It is used by
> connecting
>
> # directors to verify the authenticity of this file
> daemon
>
> TLS Certificate = /etc/ssl/xxxxx/cert.pem
> TLS Key = /etc/ssl/xxxxx/key.pem
>
>
> This must be the cert fo the director. is it?
>
>
> I use the same one for all three, and the only thing it checks is the
> CN if I have understood things correctly. Which would actually even
> allow any cert that presents itself with a "Allowed CN" be admissed...
>
>
>
> SO the director should be able to TLS, and the fd should let the
> director in, no?
>
>
> Yes.
>
>
> Also, do you certs have the passwords removed?
>
>
>
>
> Good idea!
> Removed with
> openssl rsa -in key.pem -out new.key
> mv new.key key.pem
>
> I really appreciate the help, but still the director shuns TLS =(
Remind me again, what you're doing and the symptoms? I'm not
convinced it's the Director.
--
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Bacula-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bacula-users
