Enabling TLS Authentication between Director and Console

#. If you’re using an anonymous console: You only need to define the TLS directives in the Director resource of both the bacula-dir.conf and bconsole.conf files.

In bacula-dir.conf:

Director {
    Name = darkstar-dir
    DIR Port = 9111
    DIR Address = darkstar.example.com
    QueryFile = "/usr/local/bacula/scripts/query.sql"
    WorkingDirectory = "/usr/local/bacula/working"
    PidDirectory = "/var/run"
    Maximum Concurrent Jobs = 10
    Password = "password"
    Messages = Daemon
    TLS Enable = yes
    TLS Require = yes
    TLS Verify Peer = yes
    TLS Authenticate = yes
    TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
    TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
    TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
}

In bconsole.conf:

Director {
    Name = darkstar-dir
    DIRport = 9111
    Address = darkstar.example.com
    Password = "password"
    TLS Enable = yes
    TLS Require = yes
    TLS Authenticate = yes
    TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
    TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
    TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
}

#. If you are using a named console: You only need to define the TLS directives in the Console resource of both bacula-dir.conf and bconsole.conf.

  • In bacula-dir.conf: There is no need to configure TLS in the Director resource, as is done for the anonymous console:

    Director {
        Name = darkstar-dir
        DIR Port = 9111
        DIR Address = darkstar.example.com
        QueryFile = "/usr/local/bacula/scripts/query.sql"
        WorkingDirectory = "/usr/local/bacula/working"
        PidDirectory = "/var/run"
        Maximum Concurrent Jobs = 10
        Password = "password"
        Messages = Daemon
    }
    

Instead, the Console resource carries the TLS configuration:

Console {
    Name = darkstar-con
    Password = "password"
    TLS Enable = yes
    TLS Require = yes
    TLS Verify Peer = yes
    TLS Authenticate = yes
    TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
    TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
    TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
}
  • In bconsole.conf: There is no need to configure TLS in the Director resource, as is done for the anonymous console:

Director {
    Name = darkstar-dir
    DIRport = 9111
    Address = darkstar.example.com
    Password = "password"
}

Instead, the Console resource carries the TLS configuration:

Console {
    Name = darkstar-con
    Password = "password"
    TLS Enable = yes
    TLS Require = yes
    TLS Verify Peer = yes
    TLS Authenticate = yes
    TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
    TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
    TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
}
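
One way to check either setup before restarting the daemons, as an added example that is not part of the Bacula documentation: it parses a configuration file and reports whether the resource meant to carry TLS ("Director" for an anonymous console, "Console" for a named one) sets the directives used in the blocks above. The function names and the sample text are constructed for illustration, and the parser assumes flat resources without nested braces.

```python
import re

# Bacula ignores case and spaces in directive names ("DIR Port" == "DIRport"),
# so names are normalized before they are compared.
MUST_BE_YES = ("tlsenable", "tlsrequire", "tlsauthenticate")
MUST_BE_SET = ("tlscacertificatefile", "tlscertificate", "tlskey")

def parse_resources(text):
    """Return [(type, {normalized_directive: value})] for flat, non-nested resources."""
    resources = []
    for rtype, body in re.findall(r"(\w+)\s*\{([^{}]*)\}", text):
        directives = {}
        for line in body.splitlines():
            line = line.strip()
            if line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            directives[re.sub(r"\s+", "", key).lower()] = value.strip().strip('"')
        resources.append((rtype, directives))
    return resources

def audit_tls(text, tls_resource):
    """List TLS problems in resources of type tls_resource ("Director" or "Console")."""
    matches = [d for t, d in parse_resources(text) if t.lower() == tls_resource.lower()]
    findings = [] if matches else [f"no {tls_resource} resource found"]
    for d in matches:
        where = f"{tls_resource} {d.get('name', '<unnamed>')}"
        findings += [f"{where}: {k} is not 'yes'" for k in MUST_BE_YES
                     if d.get(k, "").lower() != "yes"]
        findings += [f"{where}: {k} is missing" for k in MUST_BE_SET if not d.get(k)]
    return findings

# Constructed sample: a named-console bconsole.conf with "TLS Require" left out.
SAMPLE_BCONSOLE = """
Director {
    Name = darkstar-dir
    Password = "password"
}
Console {
    Name = darkstar-con
    Password = "password"
    tls enable = yes
    TLS Authenticate = yes
    TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
    TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
    TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
}
"""
print(audit_tls(SAMPLE_BCONSOLE, "Console"))
```

An empty list means the chosen resource sets every directive the check looks for; the check does not open the certificate or key files.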
