On 8/6/2016 7:11 AM, Andreas Koch wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hallo all, > > many thanks for the extremely interesting discussions! > > I think that for our use case, the ``SD Calls Client'' directive would > probably work best. Many thanks to the Bacula devs for adding it!
I'll second that! Many thanks. > As for Josh's comment on potential security weaknesses due to spoofing the > Director: While that problems certainly exists, it is alleviated by the fact > that due to firewalling, the remote client outside of the firewall would > accept connections to the FD _only from the internal network_, making > spoofing a bit more difficult. Specifically, it would accept a connection > from a single SD host in the (hopefully) secure internal network, which also > has anti-spoofing rules in place. It certainly can be secure. I would add that Bacula's authentication also makes it very hard to spoof. My point was that it shifts the security focus from one SD to potentially many clients. Now that I think of it, though, this is probably not a feature one would use with very many clients.. ------------------------------------------------------------------------------ _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
