[Bug 222558] Re: password in bacula-fd.conf is not auto-generated

Kern Sibbald kern at sibbald.com
Wed Sep 24 16:25:04 BST 2008


On Wednesday 24 September 2008 11:13:20 Ante Karamatić wrote:
> I'll mark this bug as 'medium' at the moment. But this should be
> resolved as soon as possible.
>
> Kern, of course, any code would be welcome. It's clear that we should
> generate password on postinstall of package, not during compile-time.
>
> ** Changed in: bacula (Ubuntu)
>    Importance: Undecided => Medium
>        Status: New => Confirmed

I am not (yet) a Debian packaging expert, so I asked the Bacula .deb guy 
(Eric), and this is his response.  Sorry for emailer wrapping, but you can 
probably figure it out.

On Wednesday 24 September 2008 16:18:58 you wrote:
> Hello Eric,
>
> Do you have some .deb magic I could send off to the Ubuntu Bacula
> maintainers so that they can generate random passwords when installing
> Bacula?

I use the bacula-common configuration script (debian/bacula-common.config) to
compute and store random password for all bacula packages. (my template file 
is ok too)

if ! db_get bacula/director_passwd; then
    db_set bacula/director_passwd  $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | 
head -c33)
    db_set bacula/director_mpasswd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | 
head -c33)
    db_set bacula/fd_passwd  $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | 
head -c33)
    db_set bacula/fd_mpasswd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | 
head -c33)
    db_set bacula/sd_passwd  $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | 
head -c33)
    db_set bacula/sd_mpasswd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | 
head -c33)
fi

After that, i use special strings to replace password in configuration file 
(like for RPM)

./configure ... 
          --with-dir-password="XXX_REPLACE_WITH_DIRECTOR_PASSWORD_XXX" \
          --with-fd-password="XXX_REPLACE_WITH_CLIENT_PASSWORD_XXX" \
          --with-sd-password="XXX_REPLACE_WITH_STORAGE_PASSWORD_XXX" \
          --with-mon-dir-password="XXX_REPLACE_WITH_DIRECTOR_MONITOR_PASSWORD_XXX" 
\
          --with-mon-fd-password="XXX_REPLACE_WITH_CLIENT_MONITOR_PASSWORD_XXX" 
\
          --with-mon-sd-password="XXX_REPLACE_WITH_STORAGE_MONITOR_PASSWORD_XXX" 
\

At the end, i just have to replace XXX_...XXX strings by what we have computed 
in each
package.postinst script.

        db_get bacula/director_mpasswd
        db_dir_mpass="$RET"
        db_get bacula/fd_mpasswd
        db_fd_mpass="$RET"
        db_get bacula/sd_mpasswd
        db_sd_mpass="$RET"
        db_stop

        sed \
            -e "s%XXX_REPLACE_WITH_DIRECTOR_MONITOR_PASSWORD_XXX%$db_dir_mpass%" 
\
            -e "s%XXX_REPLACE_WITH_STORAGE_MONITOR_PASSWORD_XXX%$db_sd_mpass%" 
\
            -e "s%XXX_REPLACE_WITH_CLIENT_MONITOR_PASSWORD_XXX%$db_fd_mpass%" 
\
          < $SRCDIR/$CONFIG > $TARGET

At the end, if you configure FD/SD/DIR/Console on the  same box, all your 
passwords
will be ok.

They have also to remove the XXAddress = 127.0.0.1 from all configuration 
file.

-- 
password in bacula-fd.conf is not auto-generated
https://bugs.launchpad.net/bugs/222558
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bacula in ubuntu.



More information about the Ubuntu-server-bugs mailing list