[Bug 222558] Re: password in bacula-fd.conf is not auto-generated
Kern Sibbald
kern at sibbald.com
Wed Sep 24 16:25:04 BST 2008
On Wednesday 24 September 2008 11:13:20 Ante Karamatić wrote:
> I'll mark this bug as 'medium' at the moment. But this should be
> resolved as soon as possible.
>
> Kern, of course, any code would be welcome. It's clear that we should
> generate password on postinstall of package, not during compile-time.
>
> ** Changed in: bacula (Ubuntu)
> Importance: Undecided => Medium
> Status: New => Confirmed
I am not (yet) a Debian packaging expert, so I asked the Bacula .deb guy
(Eric), and this is his response. Sorry for emailer wrapping, but you can
probably figure it out.
On Wednesday 24 September 2008 16:18:58 you wrote:
> Hello Eric,
>
> Do you have some .deb magic I could send off to the Ubuntu Bacula
> maintainers so that they can generate random passwords when installing
> Bacula?
I use the bacula-common configuration script (debian/bacula-common.config) to
compute and store random password for all bacula packages. (my template file
is ok too)
if ! db_get bacula/director_passwd; then
db_set bacula/director_passwd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
db_set bacula/director_mpasswd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
db_set bacula/fd_passwd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
db_set bacula/fd_mpasswd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
db_set bacula/sd_passwd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
db_set bacula/sd_mpasswd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
fi
After that, i use special strings to replace password in configuration file
(like for RPM)
./configure ...
--with-dir-password="XXX_REPLACE_WITH_DIRECTOR_PASSWORD_XXX" \
--with-fd-password="XXX_REPLACE_WITH_CLIENT_PASSWORD_XXX" \
--with-sd-password="XXX_REPLACE_WITH_STORAGE_PASSWORD_XXX" \
--with-mon-dir-password="XXX_REPLACE_WITH_DIRECTOR_MONITOR_PASSWORD_XXX"
\
--with-mon-fd-password="XXX_REPLACE_WITH_CLIENT_MONITOR_PASSWORD_XXX"
\
--with-mon-sd-password="XXX_REPLACE_WITH_STORAGE_MONITOR_PASSWORD_XXX"
\
At the end, i just have to replace XXX_...XXX strings by what we have computed
in each
package.postinst script.
db_get bacula/director_mpasswd
db_dir_mpass="$RET"
db_get bacula/fd_mpasswd
db_fd_mpass="$RET"
db_get bacula/sd_mpasswd
db_sd_mpass="$RET"
db_stop
sed \
-e "s%XXX_REPLACE_WITH_DIRECTOR_MONITOR_PASSWORD_XXX%$db_dir_mpass%"
\
-e "s%XXX_REPLACE_WITH_STORAGE_MONITOR_PASSWORD_XXX%$db_sd_mpass%"
\
-e "s%XXX_REPLACE_WITH_CLIENT_MONITOR_PASSWORD_XXX%$db_fd_mpass%"
\
< $SRCDIR/$CONFIG > $TARGET
At the end, if you configure FD/SD/DIR/Console on the same box, all your
passwords
will be ok.
They have also to remove the XXAddress = 127.0.0.1 from all configuration
file.
--
password in bacula-fd.conf is not auto-generated
https://bugs.launchpad.net/bugs/222558
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bacula in ubuntu.
More information about the Ubuntu-server-bugs
mailing list