On 05/05/2015 10:18 PM, Craig Shiroma wrote: > Hi Romeo, > > Thanks! Just so I understand correctly... > The bacula-fd running on the clients communicate with the bacula server using > the password in client's bacula-fd.conf. This authentication on the "wire" is > actually encrypted. Is this correct? > > -craig
Hi Craig, Keep in mind that all of the actual backup data and other communications is unencrypted unless TLS between daemons is configured in Bacula: DIR->SD, DIR->FD, FD->SD, bconsole->DIR, (and SD->FD in the case of SD calls Client) One simple method to encrypt communications between daemons is to use an excellent open-source tool called "stunnel" (documented in the Bacula misc.pdf manual) Depending on your requirements, stunnel, a VPN (IPsec, OpenVPN or other), ssh tunnels, or a full-blown TLS deployment are all possible options to secure Bacula's daemon<-->daemon communications. Some are more complex and time consuming to implement than others, but may be more (verifiably) secure, so these considerations need to be a part of the requirements discussion. :) Bill -- Bill Arlofski Reverse Polarity, LLC http://www.revpol.com/ -- Not responsible for anything below this line -- ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
