SearchFAQMemberlist Log in

Backup Central Forums Forum Index » Bacula » Password Protection on Restore?

The time now is Fri May 25, 2012 12:21 am
View previous topic | View next topic
Reply to topic Page 1 of 1
Password Protection on Restore?
Author Message
Guest



Post Password Protection on Restore? 
Hi,

I'm looking for a way to have restrictions on who can restore certain
machines within my department. The reason for this is because some
machines have sensitive data which should not necessarily fall into the
hands of anybody who can perform a restore. I'm open to any suggestions
you may have.

I was thinking of using data encryption as discussed in the manual and
have the ssl key require a passphrase. Here are a few questions I thought
of:

1. Is this supported by bacula? Is somebody else doing this?

2. Will this even work?

3. Is it possible to only use the master certificate to do the encryption?

4. Will I be required to enter the passphrase upon backing up data as
well? For automation reasons, this is not something I want.

Thanks for any ideas you may have.

Michael
Sun Mar 18, 2007 11:52 am
Guest



Post Password Protection on Restore? 
Michael Havas schrieb:
Hi,

I was thinking of using data encryption as discussed in the manual and
have the ssl key require a passphrase. Here are a few questions I thought
of:

1. Is this supported by bacula? Is somebody else doing this?

2. Will this even work?

3. Is it possible to only use the master certificate to do the encryption?
In my opinion yes. Use only a master cert on the fd for encryption.
This will prevent from restore without having the master key file.
But this mean you cannot directly restore on the client without having
the master key on the client so the client fd can read them.

4. Will I be required to enter the passphrase upon backing up data as
well? For automation reasons, this is not something I want.
For encryption you will never need an password. The cert is enough.
The cert could not be used for decryption.
For decryption:
I have never seen asking interactive password for decryption. You must
have the key for decryption stored without the password. But my idea is
you can put them on an memory stick for example.

This is my opinion. I have not tested them but it should work.
For encryption I use a master cert and a fd cert for every client.
And on every client the fd key is stored so I can recover directly
on the client.
The master key is only used by my if the client key is lost by recover
the whole client.

MfG...
Pierre Bernhardt
Mon Mar 19, 2007 7:42 am
Display posts from previous:

Backup Central Forums Forum Index » Bacula » Password Protection on Restore?

The time now is Fri May 25, 2012 12:21 am | All times are GMT - 8 Hours
 
Reply to topic Page 1 of 1
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
  


Magic SEO URL for phpBB