Enabling TLS Authentication between Director and Console
#. If you're using an anonymous console: You only need to define the TLS directives in the Director resource of both the bacula-dir.conf and bconsole.conf files.
In bacula-dir.conf:

    Director {
      Name = darkstar-dir
      DIR Port = 9111
      DIR Address = darkstar.example.com
      QueryFile = "/usr/local/bacula/scripts/query.sql"
      WorkingDirectory = "/usr/local/bacula/working"
      PidDirectory = "/var/run"
      Maximum Concurrent Jobs = 10
      Password = "password"
      Messages = Daemon
      TLS Enable = yes
      TLS Require = yes
      TLS Verify Peer = yes
      TLS Authenticate = yes
      TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
      TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
      TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
    }

In bconsole.conf:

    Director {
      Name = darkstar-dir
      DIRport = 9111
      Address = darkstar.example.com
      Password = "password"
      TLS Enable = yes
      TLS Require = yes
      TLS Authenticate = yes
      TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
      TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
      TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
    }

#. If you are using a named console: You only need to define the TLS directives in the Console resource of both bacula-dir.conf and bconsole.conf.
In bacula-dir.conf: There is no need to configure TLS in the Director resource, as was done for the anonymous console option:

    Director {
      Name = darkstar-dir
      DIR Port = 9111
      DIR Address = darkstar.example.com
      QueryFile = "/usr/local/bacula/scripts/query.sql"
      WorkingDirectory = "/usr/local/bacula/working"
      PidDirectory = "/var/run"
      Maximum Concurrent Jobs = 10
      Password = "password"
      Messages = Daemon
    }

Instead, the Console resource has the TLS configurations:

    Console {
      Name = darkstar-con
      Password = "password"
      TLS Enable = yes
      TLS Require = yes
      TLS Verify Peer = yes
      TLS Authenticate = yes
      TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
      TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
      TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
    }

In bconsole.conf: There is no need to configure TLS in the Director resource, as was done for the anonymous console option:

    Director {
      Name = darkstar-dir
      DIRport = 9111
      Address = darkstar.example.com
      Password = "password"
    }

Instead, the Console resource has the TLS configurations:

    Console {
      Name = darkstar-con
      Password = "password"
      TLS Enable = yes
      TLS Require = yes
      TLS Verify Peer = yes
      TLS Authenticate = yes
      TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
      TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
      TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
    }

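A pre-deployment check for the two layouts above, as an added example that is not part of the Bacula documentation or code base: it reports which resource of a given type is missing the TLS directives shown on this page, or has TLS Enable / TLS Require set to something other than yes. The names norm, parse_resources, audit_tls and SAMPLE are hypothetical, and SAMPLE is a constructed named-console bacula-dir.conf with two deliberate mistakes.

```python
import re
# Directives this page sets on whichever resource carries TLS.
REQUIRED = ["TLS Enable", "TLS Require", "TLS CA Certificate File",
            "TLS Certificate", "TLS Key"]
MUST_BE_YES = ["TLS Enable", "TLS Require"]

# Constructed sample: TLS Require is weakened and TLS Key is missing.
SAMPLE = """
Director {
  Name = darkstar-dir
}
Console {
  Name = darkstar-con
  Password = "password"
  TLS Enable = yes
  TLS Require = no   # constructed mistake: TLS becomes optional
  TLS Verify Peer = yes
  TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
  TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
}
"""

def norm(name):
    # Bacula ignores case and spaces in directive names ("DIR Port" == "DIRport").
    return "".join(name.split()).lower()

def parse_resources(text):
    # Flat resources only (no nested braces), which covers Director and Console.
    out = []
    for rtype, body in re.findall(r"(\w+)\s*\{([^{}]*)\}", text):
        directives = {}
        for line in re.split(r"[;\n]", body):
            key, sep, value = line.split("#", 1)[0].partition("=")
            if sep:
                directives[norm(key)] = value.strip().strip('"')
        out.append((rtype, directives))
    return out

def audit_tls(text, rtype):
    # One finding per missing or weakened directive, per resource of type rtype.
    findings = []
    for found, d in parse_resources(text):
        if found.lower() != rtype.lower():
            continue
        label = f"{found} {d.get('name', '?')}"
        findings += [f"{label}: missing {r}" for r in REQUIRED if norm(r) not in d]
        findings += [f"{label}: {r} is not yes" for r in MUST_BE_YES
                     if d.get(norm(r), "yes").lower() != "yes"]
    return findings
```

Run audit_tls against the Director resource for an anonymous console and against the Console resource for a named console; an empty list means every directive from the page is present.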