Names, Passwords and Authorization

In order for one daemon to contact another daemon, it must authorize itself with a password. In most cases, the password corresponds to a particular name, so both the name and the password must match to be authorized. Passwords are plain text, any text. They are not generated by any special process; just use random text.

The default configuration files are automatically defined for correct authorization with random passwords. If you add to or modify these files, you will need to take care to keep them consistent.

Here is sort of a picture of what names/passwords in which files/Resources must match up:

In the left column, you will find the Director, Storage, and Client resources, with their names and passwords – these are all in bacula-dir.conf. In the right column are where the corresponding values should be found in the Console, Storage Daemon (SD), and File Daemon (FD) configuration files.

Note that the Address, fd-sd, that appears in the Storage resource of the Director, preceded with and asterisk in the above example, is passed to the File Daemon in symbolic form. The File Daemon then resolves it to an IP address. For this reason, you must use either an IP address or a fully qualified name. A name such as localhost, not being a fully qualified name, will resolve in the File daemon to the localhost of the File Daemon, which is most likely not what is desired. The password used for the File Daemon to authorize with the Storage Daemon is a temporary password unique to each Job created by the daemons and is not specified in any .conf file.