Enable TLS Authentication Between Daemons

Bacula by default uses CRAM-MD5 authentication using the Password directive as a shared secret for each daemon. In addition to this, you can also use TLS to provide a more secure authentication between the daemons. This is achieved by using the TLS Authenticate = yes directive in the main daemon configuration resource in addition to configuring TLS Enable, TLS Require, TLS Certificate CA File, TLS Certificate and TLS Key directives. Please find examples below.

Notice a very important feature of enabling TLS Authenticate to your daemons: if you enable the TLS authentication, the TLS encryption will be turned off and communication between the daemons will be done without Encryption.

Read more:

• Enabling TLS Authentication between Director and Console
• Enabling TLS Authentication between Director and Client
• Enabling TLS Authentication between Director and Storage
• Enabling TLS Authentication between Client and Storage

See also

Go back to:

• Enable TLS Communications Encryption between Daemons

Go to:

• Using Certificates Issued by Different Root

Go back to the Example TLS Configuration Files chapter.

Go back to the Bacula Communications Encryption chapter.

Go back to the main Advanced Features Usage page.