'\" t
.\"     Title: amanda-auth-ssl
.\"    Author: Jean-Louis Martineau <martineau@zmanda.com>
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\"      Date: 12/01/2017
.\"    Manual: Miscellanea
.\"    Source: Amanda 3.5.1
.\"  Language: English
.\"
.TH "AMANDA\-AUTH\-SSL" "7" "12/01/2017" "Amanda 3\&.5\&.1" "Miscellanea"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
amanda-auth-ssl \- SSL Communication/Authentication methods between Amanda server and client
.SH "DESCRIPTION"
.PP
This authenticate method use ssl certificate to authenticate host, all transfer over the network is encrypted\&.
.PP
Each amanda client/server must have its own certificate signed by the amanda CA certificate\&.
.SH "COMPILATION AND GENERAL INFORMATION"
.PP
Amanda must be configure with \-\-with\-ssl\-security
.SH "SERVER/CLIENT CONFIGURATION"
.PP
In
\fBamanda\&.conf\fR
and
\fBamanda\-client\&.conf\fR\&.
.PP
\fBssl\-dir\fR
.RS 4
The directoty where amanda store all the certificates\&. A good value is
\fB~/amanda\-ssl\fR\&.
.RE
.PP
\fBssl\-check\-certificate\-host\fR
.RS 4
Check the peer hostname match the certificate host name\&.
.RE
.PP
\fBssl\-check\-fingerprint\fR
.RS 4
Check the fingerprint of the certificate is the same as the fingerprint we already have for that host\&.
.RE
.PP
\fBssl\-check\-host\fR
.RS 4
Do the bsd check, dns name of peer IP is the hostname we connect to\&.
.RE
.SH "FILESYSTEM LAYOUT FOR CERTIFICATES"
.nf
$SSL_DIR/CA/crt\&.pem                   # CA certificate that signed
                                        all certificates\&.
$SSL_DIR/CA/private/key\&.pem           # CA private key
                                        (on server only)
$SSL_DIR/me/crt\&.pem                   # public certificate of the host
$SSL_DIR/me/private/key\&.pem           # private key of the host
$SSL_DIR/me/fingerprint               # fingerprint of my certificate
$SSL_DIR/remote/HOSTNAME/fingerprint  # fingerprint of the HOSTNAME
                                        certificate
.fi
.PP
On the
\fBHOSTNAME\fR
host,
\fB$SSL_DIR/remote/HOSTNAME\fR
is a symbolic link to
\fB\&.\&./me\fR\&.
.SH "PROGRAM TO HELP CONFIGURATION"
.PP
The
\fBamssl\fR
program is a tool to manage the certificate\&.
.SH "SEE ALSO"
.PP
\fBamanda\fR(8),
\fBamanda.conf\fR(5),
\fBamanda-client.conf\fR(5),
\fBdisklist\fR(5),
\fBamdump\fR(8),
\fBamrecover\fR(8),
\fBamssl\fR(8),
\fBamanda-auth\fR(7)
.PP
The Amanda Wiki:
: http://wiki.zmanda.com/
.SH "AUTHORS"
.PP
\fBJean\-Louis Martineau\fR <\&martineau@zmanda\&.com\&>
.RS 4
Zmanda, Inc\&. (http://www\&.zmanda\&.com)
.RE
.PP
\fBDustin J\&. Mitchell\fR <\&dustin@zmanda\&.com\&>
.RS 4
Zmanda, Inc\&. (http://www\&.zmanda\&.com)
.RE
.PP
\fBPaul Yeatman\fR <\&pyeatman@zmanda\&.com\&>
.RS 4
Zmanda, Inc\&. (http://www\&.zmanda\&.com)
.RE