|
Packit |
23ab03 |
'\" t
|
|
Packit |
23ab03 |
.\" Title: amanda-auth-ssl
|
|
Packit |
23ab03 |
.\" Author: Jean-Louis Martineau <martineau@zmanda.com>
|
|
Packit |
23ab03 |
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
|
|
Packit |
23ab03 |
.\" Date: 12/01/2017
|
|
Packit |
23ab03 |
.\" Manual: Miscellanea
|
|
Packit |
23ab03 |
.\" Source: Amanda 3.5.1
|
|
Packit |
23ab03 |
.\" Language: English
|
|
Packit |
23ab03 |
.\"
|
|
Packit |
23ab03 |
.TH "AMANDA\-AUTH\-SSL" "7" "12/01/2017" "Amanda 3\&.5\&.1" "Miscellanea"
|
|
Packit |
23ab03 |
.\" -----------------------------------------------------------------
|
|
Packit |
23ab03 |
.\" * Define some portability stuff
|
|
Packit |
23ab03 |
.\" -----------------------------------------------------------------
|
|
Packit |
23ab03 |
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
23ab03 |
.\" http://bugs.debian.org/507673
|
|
Packit |
23ab03 |
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
|
|
Packit |
23ab03 |
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
23ab03 |
.ie \n(.g .ds Aq \(aq
|
|
Packit |
23ab03 |
.el .ds Aq '
|
|
Packit |
23ab03 |
.\" -----------------------------------------------------------------
|
|
Packit |
23ab03 |
.\" * set default formatting
|
|
Packit |
23ab03 |
.\" -----------------------------------------------------------------
|
|
Packit |
23ab03 |
.\" disable hyphenation
|
|
Packit |
23ab03 |
.nh
|
|
Packit |
23ab03 |
.\" disable justification (adjust text to left margin only)
|
|
Packit |
23ab03 |
.ad l
|
|
Packit |
23ab03 |
.\" -----------------------------------------------------------------
|
|
Packit |
23ab03 |
.\" * MAIN CONTENT STARTS HERE *
|
|
Packit |
23ab03 |
.\" -----------------------------------------------------------------
|
|
Packit |
23ab03 |
.SH "NAME"
|
|
Packit |
23ab03 |
amanda-auth-ssl \- SSL Communication/Authentication methods between Amanda server and client
|
|
Packit |
23ab03 |
.SH "DESCRIPTION"
|
|
Packit |
23ab03 |
.PP
|
|
Packit |
23ab03 |
This authenticate method use ssl certificate to authenticate host, all transfer over the network is encrypted\&.
|
|
Packit |
23ab03 |
.PP
|
|
Packit |
23ab03 |
Each amanda client/server must have its own certificate signed by the amanda CA certificate\&.
|
|
Packit |
23ab03 |
.SH "COMPILATION AND GENERAL INFORMATION"
|
|
Packit |
23ab03 |
.PP
|
|
Packit |
23ab03 |
Amanda must be configure with \-\-with\-ssl\-security
|
|
Packit |
23ab03 |
.SH "SERVER/CLIENT CONFIGURATION"
|
|
Packit |
23ab03 |
.PP
|
|
Packit |
23ab03 |
In
|
|
Packit |
23ab03 |
\fBamanda\&.conf\fR
|
|
Packit |
23ab03 |
and
|
|
Packit |
23ab03 |
\fBamanda\-client\&.conf\fR\&.
|
|
Packit |
23ab03 |
.PP
|
|
Packit |
23ab03 |
\fBssl\-dir\fR
|
|
Packit |
23ab03 |
.RS 4
|
|
Packit |
23ab03 |
The directoty where amanda store all the certificates\&. A good value is
|
|
Packit |
23ab03 |
\fB~/amanda\-ssl\fR\&.
|
|
Packit |
23ab03 |
.RE
|
|
Packit |
23ab03 |
.PP
|
|
Packit |
23ab03 |
\fBssl\-check\-certificate\-host\fR
|
|
Packit |
23ab03 |
.RS 4
|
|
Packit |
23ab03 |
Check the peer hostname match the certificate host name\&.
|
|
Packit |
23ab03 |
.RE
|
|
Packit |
23ab03 |
.PP
|
|
Packit |
23ab03 |
\fBssl\-check\-fingerprint\fR
|
|
Packit |
23ab03 |
.RS 4
|
|
Packit |
23ab03 |
Check the fingerprint of the certificate is the same as the fingerprint we already have for that host\&.
|
|
Packit |
23ab03 |
.RE
|
|
Packit |
23ab03 |
.PP
|
|
Packit |
23ab03 |
\fBssl\-check\-host\fR
|
|
Packit |
23ab03 |
.RS 4
|
|
Packit |
23ab03 |
Do the bsd check, dns name of peer IP is the hostname we connect to\&.
|
|
Packit |
23ab03 |
.RE
|
|
Packit |
23ab03 |
.SH "FILESYSTEM LAYOUT FOR CERTIFICATES"
|
|
Packit |
23ab03 |
.nf
|
|
Packit |
23ab03 |
$SSL_DIR/CA/crt\&.pem # CA certificate that signed
|
|
Packit |
23ab03 |
all certificates\&.
|
|
Packit |
23ab03 |
$SSL_DIR/CA/private/key\&.pem # CA private key
|
|
Packit |
23ab03 |
(on server only)
|
|
Packit |
23ab03 |
$SSL_DIR/me/crt\&.pem # public certificate of the host
|
|
Packit |
23ab03 |
$SSL_DIR/me/private/key\&.pem # private key of the host
|
|
Packit |
23ab03 |
$SSL_DIR/me/fingerprint # fingerprint of my certificate
|
|
Packit |
23ab03 |
$SSL_DIR/remote/HOSTNAME/fingerprint # fingerprint of the HOSTNAME
|
|
Packit |
23ab03 |
certificate
|
|
Packit |
23ab03 |
.fi
|
|
Packit |
23ab03 |
.PP
|
|
Packit |
23ab03 |
On the
|
|
Packit |
23ab03 |
\fBHOSTNAME\fR
|
|
Packit |
23ab03 |
host,
|
|
Packit |
23ab03 |
\fB$SSL_DIR/remote/HOSTNAME\fR
|
|
Packit |
23ab03 |
is a symbolic link to
|
|
Packit |
23ab03 |
\fB\&.\&./me\fR\&.
|
|
Packit |
23ab03 |
.SH "PROGRAM TO HELP CONFIGURATION"
|
|
Packit |
23ab03 |
.PP
|
|
Packit |
23ab03 |
The
|
|
Packit |
23ab03 |
\fBamssl\fR
|
|
Packit |
23ab03 |
program is a tool to manage the certificate\&.
|
|
Packit |
23ab03 |
.SH "SEE ALSO"
|
|
Packit |
23ab03 |
.PP
|
|
Packit |
23ab03 |
\fBamanda\fR(8),
|
|
Packit |
23ab03 |
\fBamanda.conf\fR(5),
|
|
Packit |
23ab03 |
\fBamanda-client.conf\fR(5),
|
|
Packit |
23ab03 |
\fBdisklist\fR(5),
|
|
Packit |
23ab03 |
\fBamdump\fR(8),
|
|
Packit |
23ab03 |
\fBamrecover\fR(8),
|
|
Packit |
23ab03 |
\fBamssl\fR(8),
|
|
Packit |
23ab03 |
\fBamanda-auth\fR(7)
|
|
Packit |
23ab03 |
.PP
|
|
Packit |
23ab03 |
The Amanda Wiki:
|
|
Packit |
23ab03 |
: http://wiki.zmanda.com/
|
|
Packit |
23ab03 |
.SH "AUTHORS"
|
|
Packit |
23ab03 |
.PP
|
|
Packit |
23ab03 |
\fBJean\-Louis Martineau\fR <\&martineau@zmanda\&.com\&>
|
|
Packit |
23ab03 |
.RS 4
|
|
Packit |
23ab03 |
Zmanda, Inc\&. (http://www\&.zmanda\&.com)
|
|
Packit |
23ab03 |
.RE
|
|
Packit |
23ab03 |
.PP
|
|
Packit |
23ab03 |
\fBDustin J\&. Mitchell\fR <\&dustin@zmanda\&.com\&>
|
|
Packit |
23ab03 |
.RS 4
|
|
Packit |
23ab03 |
Zmanda, Inc\&. (http://www\&.zmanda\&.com)
|
|
Packit |
23ab03 |
.RE
|
|
Packit |
23ab03 |
.PP
|
|
Packit |
23ab03 |
\fBPaul Yeatman\fR <\&pyeatman@zmanda\&.com\&>
|
|
Packit |
23ab03 |
.RS 4
|
|
Packit |
23ab03 |
Zmanda, Inc\&. (http://www\&.zmanda\&.com)
|
|
Packit |
23ab03 |
.RE
|