Comment 3 for bug 222558

Kern Sibbald (kern) wrote :

I was not aware of this bug (sorry, I should look at them all), but I think I can shed some light on it and even provide the "code" necessary to fix it.

Basically the user is saying that each Bacula daemon generated needs a shared secret random password used for authentication, and these passwords *must* be generated at install time to be unique. I have not looked at your packages, but I believe that you inherited them from Debian, where I have reported this problem. The passwords that you release in the bacula-xx.conf files are generated by Bacula at build time, and thus are installed on all systems, and hence are not secure, and this applies to all versions of Bacula that you have packaged. If you have explicitly added code in the install process that generates random passwords, then this bug should be closed; otherwise, it should be left open and marked as a security problem.

Note, this is a packaging problem. Bacula generates random passwords during the ./configure process, so everything is consistent, but once it is packaged, the packager needs to create similar code to the Bacula ./configure so that all installations will have different passwords.

If you want, I can provide you with sample code suitable to put in your installation packages.
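
An install-time step of the kind this comment calls for, written as a helper a package maintainer script could call. It is an added example, not the sample code offered above and not taken from Bacula or from the Debian/Ubuntu packages; the `@FD_PASSWORD@` token, the function names and the sample config files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: give each installation its own Bacula daemon passwords.
# The @FD_PASSWORD@ token and the sample files below are constructed.

# 256 bits from the kernel CSPRNG as 64 hex characters (safe inside sed and
# inside a quoted Password = "..." value).
gen_password() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Put one fresh secret in place of TOKEN in every listed file, so both ends
# of a Director/daemon pair receive the same value. Files that do not
# contain the token (missing, or already configured) are left untouched.
set_shared_secret() {
    token=$1; shift
    secret=$(gen_password)
    [ "${#secret}" -eq 64 ] || return 1      # refuse a short or empty secret
    for f in "$@"; do
        grep -q "$token" "$f" 2>/dev/null || continue
        tmp=$(mktemp) || return 1            # mktemp creates it mode 0600
        # Write back through the existing file so it keeps its owner and mode.
        sed "s|$token|$secret|g" "$f" > "$tmp" && cat "$tmp" > "$f"
        rm -f "$tmp"
    done
}

# Constructed demonstration: a Director config and a File Daemon config that
# ship with the same placeholder, as a package built once would.
demo() {
    d=$(mktemp -d) || return 1
    printf 'Client {\n  Name = host-fd\n  Password = "@FD_PASSWORD@"\n}\n' \
        > "$d/bacula-dir.conf"
    printf 'Director {\n  Name = host-dir\n  Password = "@FD_PASSWORD@"\n}\n' \
        > "$d/bacula-fd.conf"
    set_shared_secret '@FD_PASSWORD@' "$d/bacula-dir.conf" "$d/bacula-fd.conf"
    grep Password "$d/bacula-dir.conf" "$d/bacula-fd.conf"
    rm -rf "$d"
}
demo
```

Because the substitution is skipped once the token is gone, running it again on upgrade does not rotate a password that the other daemon still expects.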