[Bug 222558] Re: password in bacula-fd.conf is not auto-generated

hehol henning at loca.net
Wed Sep 10 14:27:17 BST 2008


I'm sorry I did not respond to this bug earlier. I missed Chuck's reply
in April. Kern is absolutely right, this is a packaging problem
inherited from Debian.

I didn't want to make the problem bigger than it acutally is. People who
are using Bacula should be aware of the fact that the software uses a
shared secret to communicate between the different components of the
software package. But Joe Average who runs Bacula with the default
settings coming from the .deb package will find himself left with a
shared secret common to all Ubuntu Bacula installations and there are no
indications whatsoever in the READMEs or in the configuration files
which indicate this weakness.

Depending on your point of view, you might consider this a serious
security issue.

** Changed in: bacula (Ubuntu)
       Status: Invalid => New

-- 
password in bacula-fd.conf is not auto-generated
https://bugs.launchpad.net/bugs/222558
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bacula in ubuntu.



More information about the Ubuntu-server-bugs mailing list