On Friday 28 April 2006 12:24, Kern Sibbald wrote: > On Friday 28 April 2006 09:54, Silver Salonen wrote: > > Hi. > > > > I'm trying to get the overall picture about communication process of > > director, file- and storage-daemon. > > > > I've read the developers' guide and now I know that director tells > > file-daemons to contact with storage daemon. In the SD part there's written > > about SD's append requests: "A data append session is opened with the Job > > ID given by JobId with client password (if required) ..." > > The question is - who tells storage-daemon to require client's password and > > if it gets the client's password, what will it do with it? I don't see any > > options for SD to verify client's password somehow.. > > Clients don't know anything about Storage daemons, because all the information > is contained in the Director. So, when the Director creates a Job, it > contacts the SD, which passes back a one time "shared secret" (a hash key). > This key is then passed to the FD along with the address and port (if I > remember right) for the SD. The SD is then waiting for the FD to contact it, > and when it does, they both do the standard double CRAM-MD5 authentication > (each validatest the other) using the one time "shared secret". > > There is a perhaps a very small security hole here where someone could snoop > the line and pick up the shared secret, then open a connection with the SD > before the FD does so. However, the read FD would notice this problem and > inform the Director, who will then tell the SD to cancel the job. In > addition, if you use lib wrappers and allow only valid Clients to access the > SD, there is no security problem at all. > > If this "very small security hole" bothers someone, it would be rather trivial > to fix (and I would be happy the have someon submit code for this). When the > Director creates the job with the SD, it could pass the IP address of the > Client who will contact the SD. Then when the SD is contacted by the FD, it > could check both the shared secret and the IP address.
Yes! Thanks for the explanation :) Is it somewhere in documentation also? If not, maybe it should be written? The overall who-says-what process :) > > Another similar question is about encryption. Who tells client whether it > > should encrypt the communication with SD if SD is configured with "TLS > > Enable = yes" and "TLS Require = no"? > > It is in the client conf file from what I remember, but there are better > experts on this subject than I am ... In the client config there seems to be an option for using TLS for communicating with the director. So I suppose the option is just expanded to SD also? > > I'm just trying to get a picture about security of some backup-products :) > > > > It would be very interesting to hear the results of your survey ... Well, if I find something useful.. it's just a quick look at Amanda, Arkeia and Bacula for my bachelor's thesis :) Thanks, Silver ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
