domenkozar / almir

Bacula web administration written in Pyramid

TLS support #37

Open matthijs opened 12 years ago

matthijs commented 12 years ago

Hello,

We require TLS in Bacula, also for the bconsole client. It seems that there is no support for TLS; it would be nice if that could be implemented.

Regards,

Matthijs Möhlmann

domenkozar commented 12 years ago

Can you point me to a configuration sample and documentation for it?

matthijs commented 12 years ago

On 12 May 2012, at 18:41, Domen Kožar wrote:

> Can you point me to a configuration sample and documentation for it?


Hello,

Of course: http://bacula.org/5.2.x-manuals/en/main/main/Bacula_TLS_Communications.html

The above documentation also applies to the console configuration. Look at the bacula-fd.conf for an example.

If you need some help with setting up a CA, let me know and I'll add a step-by-step guide on how to create this and how you can sign specific certificates.

In the other mail you asked for sponsoring, in what way do you want sponsoring? I can help with testing, even help a bit with coding? (I am a programmer myself)

Regards,

Matthijs Möhlmann

domenkozar commented 12 years ago

Interesting that this is not mentioned anywhere for bconsole.conf. I will accept this for 0.2 and let you know when I need your help. Thanks for the report!

domenkozar commented 12 years ago

Hey @matthijs, could you describe the steps to set up bconsole with TLS? Thanks!

matthijs commented 12 years ago

Hello,

Here is the configuration file as I use it for bconsole.

# Bacula User Agent (or Console) Configuration File
Director {
    Name = bacula-director
    DIRport = 9101
    address = bacula-server
    Password = "some random password"

    # TLS
    TLS Enable = yes
    TLS Require = yes
    TLS CA Certificate File = /etc/bacula/ssl/cacert.pem

    # Bconsole client certificate
    TLS Certificate = /etc/bacula/ssl/bconsole.crt
    TLS Key = /etc/bacula/ssl/bconsole.key
}

Of course the Director config should have configuration for TLS communication. I have a CA which I use to sign all hosts that use our backup system.

I looked into the code and I think some extra options should be added to the buildout.cfg:

- director_tlsenable
- director_tlsrequire
- director_tlscacertificate
- director_certificate
- director_privatekey

After that adjust the buildout.d/bconsole.conf.in to reflect the changes. I can create a patch for you if you want.

Regards,

Matthijs Möhlmann
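One way to validate the option names proposed in the comment above before they are written into the bconsole template, added here as an example and not code from almir or from anyone in this thread. The function names and the checks themselves (require without enable, certificate and key set together, line breaks in values, key file permissions) are assumptions of this example; the directive names are the ones in the posted configuration.

```python
import os
import stat

# Option names are the ones proposed in the comment above. The function names
# and the validation rules are assumptions made for this example.
DIRECTIVES = (
    ("director_tlscacertificate", "TLS CA Certificate File"),
    ("director_certificate", "TLS Certificate"),
    ("director_privatekey", "TLS Key"),
)

def _yes(value):
    return str(value).strip().lower() in ("yes", "true", "1")

def check_tls_options(opts, check_files=True):
    """Return a list of problems found in the TLS-related buildout options."""
    enable = _yes(opts.get("director_tlsenable", "no"))
    require = _yes(opts.get("director_tlsrequire", "no"))
    paths = {name: opts.get(name, "").strip() for name, _ in DIRECTIVES}
    cert, key = paths["director_certificate"], paths["director_privatekey"]
    problems = []
    if require and not enable:
        problems.append("director_tlsrequire set while director_tlsenable is off")
    if enable and not paths["director_tlscacertificate"]:
        problems.append("TLS enabled without director_tlscacertificate")
    if bool(cert) != bool(key):
        problems.append("certificate and private key must be set together")
    for name, path in paths.items():
        if "\n" in path or "\r" in path:  # would inject extra directives
            problems.append("%s contains a line break" % name)
        elif check_files and path and not os.path.isfile(path):
            problems.append("%s: no such file: %s" % (name, path))
    if (check_files and key and os.path.isfile(key)
            and stat.S_IMODE(os.stat(key).st_mode) & 0o077):
        problems.append("private key is accessible by group or others")
    return problems

def render_tls_lines(opts, check_files=True):
    """Return the TLS lines for the Director resource, or raise on bad options."""
    problems = check_tls_options(opts, check_files)
    if problems:
        raise ValueError("; ".join(problems))
    if not _yes(opts.get("director_tlsenable", "no")):
        return []
    require = "yes" if _yes(opts.get("director_tlsrequire", "no")) else "no"
    lines = ["TLS Enable = yes", "TLS Require = " + require]
    lines += ["%s = %s" % (directive, opts[name].strip())
              for name, directive in DIRECTIVES if opts.get(name, "").strip()]
    return lines
```

Pass `check_files=False` when rendering on a machine other than the one that holds the certificates.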

domenkozar commented 12 years ago

Awesome. I'll try to find time to implement this, otherwise I'm happy to see a patch :)

matthijs commented 12 years ago

Off-topic: how can I add 'code attached', as seen in Issue 35?

domenkozar commented 12 years ago

You fork the repository, commit code, and then click "pull request" on GitHub to create a code review.