[Bug 222558] Re: password in bacula-fd.conf is not auto-generated

2008-12-02 Thread Launchpad Bug Tracker
This bug was fixed in the package bacula - 2.4.3-1ubuntu1

---
bacula (2.4.3-1ubuntu1) jaunty; urgency=low

  * Store sd|fd|director passwords in debconf (LP: #222558)
    - added debian/bacula-common.templates
    - modified debian/bacula-common.postinst:
      + generate random passwords and store them in debconf
    - modified debian/bacula-[sd|fd|director-mysql|director-pgsql].postinst
      + read and set passwords from debconf
  * Daemons listen on all interfaces (LP: #286643)
  * Start daemons on installation
  * Build with generic XXX_*_XXX username, password and database name
    and replace it with dbconfig's settings in postinstall scripts
  * Merge from debian unstable, remaining changes:
    - Drop mt-st to suggests. So that bacula goes back to main. (LP: #286528)
    - debian/rules: Disable fortify source since it was causing
      bacula-director to segfault.
    - debian/control:
      + Added libdbi-perl and libdb-mysql-perl to depends for
        bacula-director-mysql due to new postinst configuration.
      + Cleaned up bacula-director-pgsql dependencies and recommends.
      + Made mysql the default director to install bacula-director-{mysql|pgsql}
        added database handling to postinstall scripts and templates, modified
        postinstall script's sed expressions.
      + Removed libwgtk-2.6-dev as a build dependency; as a result
        bacula-console-wx isn't built anymore.
      + Install gawk if not installed. (LP: #207527)
    - debian/make_catalog_backup_awk.[mysql|pgsql|sqlite3|sqlite]:
      + New scripts for catalog backup. (CVE-2007-5626)
    - debian/bacula-console-wx:
      + Dropped since we are not building them anymore.
    - debian/bacula-director-common.bacula-director.init,
      debian/bacula-fd.init, debian/bacula-sd.init
      + Made more LSB specific.

 -- Ante Karamatic [EMAIL PROTECTED]   Wed, 26 Nov 2008 13:53:30 +0100

** Changed in: bacula (Ubuntu)
   Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5626

-- 
password in bacula-fd.conf is not auto-generated
https://bugs.launchpad.net/bugs/222558
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bacula in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 222558] Re: password in bacula-fd.conf is not auto-generated

2008-09-24 Thread Ante Karamatić
I'll mark this bug as 'medium' at the moment. But this should be
resolved as soon as possible.

Kern, of course, any code would be welcome. It's clear that we should
generate password on postinstall of package, not during compile-time.

** Changed in: bacula (Ubuntu)
   Importance: Undecided => Medium
   Status: New => Confirmed



Re: [Bug 222558] Re: password in bacula-fd.conf is not auto-generated

2008-09-24 Thread Kern Sibbald
On Wednesday 24 September 2008 11:13:20 Ante Karamatić wrote:
> I'll mark this bug as 'medium' at the moment. But this should be
> resolved as soon as possible.
>
> Kern, of course, any code would be welcome. It's clear that we should
> generate password on postinstall of package, not during compile-time.
>
> ** Changed in: bacula (Ubuntu)
>    Importance: Undecided => Medium
>    Status: New => Confirmed

I am not (yet) a Debian packaging expert, so I asked the Bacula .deb guy 
(Eric), and this is his response.  Sorry for emailer wrapping, but you can 
probably figure it out.

On Wednesday 24 September 2008 16:18:58 you wrote:
> Hello Eric,
>
> Do you have some .deb magic I could send off to the Ubuntu Bacula
> maintainers so that they can generate random passwords when installing
> Bacula?

I use the bacula-common configuration script (debian/bacula-common.config) to
compute and store random password for all bacula packages. (my template file 
is ok too)

if ! db_get bacula/director_passwd; then
    db_set bacula/director_passwd  "$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c33)"
    db_set bacula/director_mpasswd "$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c33)"
    db_set bacula/fd_passwd  "$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c33)"
    db_set bacula/fd_mpasswd "$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c33)"
    db_set bacula/sd_passwd  "$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c33)"
    db_set bacula/sd_mpasswd "$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c33)"
fi

After that, I use special strings to replace password in configuration file
(like for RPM)

./configure ... \
  --with-dir-password=XXX_REPLACE_WITH_DIRECTOR_PASSWORD_XXX \
  --with-fd-password=XXX_REPLACE_WITH_CLIENT_PASSWORD_XXX \
  --with-sd-password=XXX_REPLACE_WITH_STORAGE_PASSWORD_XXX \
  --with-mon-dir-password=XXX_REPLACE_WITH_DIRECTOR_MONITOR_PASSWORD_XXX \
  --with-mon-fd-password=XXX_REPLACE_WITH_CLIENT_MONITOR_PASSWORD_XXX \
  --with-mon-sd-password=XXX_REPLACE_WITH_STORAGE_MONITOR_PASSWORD_XXX

At the end, I just have to replace XXX_...XXX strings by what we have computed
in each package.postinst script.

db_get bacula/director_mpasswd
db_dir_mpass=$RET
db_get bacula/fd_mpasswd
db_fd_mpass=$RET
db_get bacula/sd_mpasswd
db_sd_mpass=$RET
db_stop

sed \
  -e "s%XXX_REPLACE_WITH_DIRECTOR_MONITOR_PASSWORD_XXX%$db_dir_mpass%" \
  -e "s%XXX_REPLACE_WITH_STORAGE_MONITOR_PASSWORD_XXX%$db_sd_mpass%" \
  -e "s%XXX_REPLACE_WITH_CLIENT_MONITOR_PASSWORD_XXX%$db_fd_mpass%" \
  "$SRCDIR/$CONFIG" > "$TARGET"

At the end, if you configure FD/SD/DIR/Console on the same box, all your
passwords will be ok.

They also have to remove the XXAddress = 127.0.0.1 from all configuration
files.

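
The install-time step described in the message above, as an added example that is not code from the thread, from Bacula or from the Ubuntu package: it generates each secret from /dev/urandom, substitutes the XXX_..._XXX placeholders, and refuses to install a file in which any placeholder survives. The function names and the .new temporary file are assumptions, and debconf (db_get/db_set) is left out so the script runs without a package database.

```sh
#!/bin/sh
# Added example; function and file names are hypothetical, and debconf
# (db_get/db_set) is left out so the script runs on any POSIX system.

# 33 characters from the kernel CSPRNG. The alphabet contains no '%', '&'
# or '\', so the value is safe inside a sed s%...%...% replacement.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9_-' < /dev/urandom | head -c 33
}

# True if FILE still carries a build-time placeholder instead of a secret.
has_placeholder() {
    grep -q 'XXX_REPLACE_WITH_[A-Z_]*_XXX' "$1"
}

# render_config TEMPLATE TARGET DIR_PW FD_PW SD_PW
# Writes TARGET with mode 0600 and fails rather than install a file that
# still contains any XXX_REPLACE_WITH_*_XXX string.
render_config() {
    template=$1
    target=$2
    tmp=$target.new
    rm -f "$tmp"
    old_umask=$(umask)
    umask 077                      # secrets must not be world-readable
    sed -e "s%XXX_REPLACE_WITH_DIRECTOR_PASSWORD_XXX%$3%g" \
        -e "s%XXX_REPLACE_WITH_CLIENT_PASSWORD_XXX%$4%g" \
        -e "s%XXX_REPLACE_WITH_STORAGE_PASSWORD_XXX%$5%g" \
        "$template" > "$tmp"
    rc=$?
    umask "$old_umask"
    if [ "$rc" -ne 0 ] || has_placeholder "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$target"
}
```

has_placeholder can also be run on its own against an installed configuration file to confirm that no placeholder string was left in place.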


[Bug 222558] Re: password in bacula-fd.conf is not auto-generated

2008-09-10 Thread Kern Sibbald
I was not aware of this bug (sorry, I should look at them all), but I
think I can shed some light on it and even provide the code necessary
to fix it.

Basically the user is saying that each Bacula daemon generated needs a
shared secret random password used for authentication, and these
passwords *must* be generated at install time to be unique.  I have not
looked at your packages but I believe that you inherited them from
Debian where I have reported this problem.  The passwords that you
release in the bacula-xx.conf files are generated by Bacula at build
time, and thus are installed on all systems, and hence are not secure,
and this applies to all versions of Bacula that you have packaged.  If
you have explicitly added code in the install process that generates
random passwords, then this bug should be closed, otherwise, it should
be left open and marked as a security problem.

Note, this is a packaging problem. Bacula generates random passwords
during the ./configure process, so everything is consistent, but once it
is packaged, the packager needs to create similar code to the Bacula
./configure so that all installations will have different passwords.

If you want, I can provide you with sample code suitable to put in your
installation packages.



[Bug 222558] Re: password in bacula-fd.conf is not auto-generated

2008-09-09 Thread Mackenzie Morgan
We are closing this bug report because it lacks the information we need
to investigate the problem, as described in the previous comments.
Please reopen it if you can give us the missing information, and don't
hesitate to submit bug reports in the future. To reopen the bug report
you can click on the current status, under the Status column, and change
the Status back to New. Thanks again!

** Changed in: bacula (Ubuntu)
   Status: Incomplete => Invalid
