Re: cfd host auth error -- progress I think
From: Andrew Mayhew
Subject: Re: cfd host auth error -- progress I think
Date: Fri, 5 Jan 2001 10:16:11 -0800
User-agent: Mutt/1.2.5i

Could you run your cfd like this: cfd -d 1 -f cfd.conf >cfd.log 2>&1
and then rerun your client connection. I have a slightly different
theory as to why your authentication is failing and it doesn't
actually have anything to do with the config file rereading. What I
believe is really happening is that cfd is denying repeated
connections from the same host based on its "spamming" policy. So,
after a connection is closed, PurgeOldConnections is called, and
unless it has been more than two hours your old connection lives in a
list of denied hosts. If this is the case, you should see something
like the following coming out of cfd:

    RecvSocketStream(4096)
    Purging Old Connections...
    Done purging
    stool: Denying repeated connection from 10.0.0.233
    Checking file updates on ./cfd.server-test (3a4ed98b/3a4eef3b)
    Transmission empty...
    cfd: terminating NULL transmission!
    ***Closing socket 5 from 127.0.0.1
    Terminating thread...

This is just my theory and if I recall properly, the reason the hosts
are getting put in a deny list after connecting is because the
connection was closed uncleanly. You can alter this behaviour with the
AllowMultipleConnectionsFrom = ( [IPLIST] ) in cfd's configuration.

--Andrew Mayhew <amayhew@logictier.com>

On Fri, Jan 05, 2001 at 09:38:48AM -0700, Alan Sparks wrote:
> Obviously I speak too soon. This doesn't entirely eliminate the
> problem:
>
> Jan 5 09:32:27 xx.xx.net cfd[28733]: Rereading config files
> /opt/cfengine/etc/cfd.conf..
> Jan 5 09:32:27 xx.xx.net cfd[28733]: Host authentication failed or
> access denied
>
> Back to the drawing board.
> -Alan
>
>
> Alan Sparks wrote:
> >
> > I think I found a reason why I get rejections from cfd after a config
> > file reload (I'm still testing this). It looks like a couple of lines
> > are missing in cfd.c starting around line 862 (in CheckFileChanges):
> >
> > DeleteItemList(VHEAP);
> > DeleteItemList(VNEGHEAP);
> > DeleteAuthList(VADMIT);
> > DeleteAuthList(VDENY); <== ADDED
> > strcpy(VDOMAIN,"undefined.domain");
> >
> > VADMIT = VADMITTOP = NULL;
> > VDENY = VDENYTOP = NULL; <== ADDED
> > VHEAP = VNEGHEAP = NULL;
> >
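Review bot: between DeleteAuthList(VDENY) and the later VDENY = VDENYTOP = NULL, the strcpy(VDOMAIN, ...) line runs while VDENY (like VADMIT above it) still points at the list that was just deleted. Consider resetting each head/top pair directly after its Delete call, or confirm that no connection thread can read these lists while CheckFileChanges is rebuilding them. A short comment saying that the deny list has to be reset together with the admit list on every reread would also keep the two from drifting apart again.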
> > I also removed the call to LoadSecretKeys() in this function, since it
> > is called by CheckVariables() (called right before it).
> >
> > Only thing yet to find is why the following happens... Often after a
> > config file reread, the following log messages occur (and cfd exits):
> >
> > Jan 2 08:58:46 denverops.quris.net cfd[24918]: Unable to create
> > Jan 2 08:58:46 denverops.quris.net cfd[24918]: creat: No such file or
> > directory
> > Jan 2 08:58:46 denverops.quris.net cfd[24918]: Unable to remove lock
> > /var/run/cfengine/lock.cfd_conf.denverops.cfd.exec
> > Jan 2 08:58:46 denverops.quris.net cfd[24918]: unlink
> >
> > Notice the first message: The CFLAST variable is empty. I can't yet
> > understand how it gets emptied out.
> >
> > -Alan
> >
> > --
> > Alan Sparks, Sr. UNIX Administrator asparks@quris.com
> > Quris, Inc. (720) 836-2058
> >
> > _______________________________________________
> > Help-cfengine mailing list
> > Help-cfengine@gnu.org
> > http://mail.gnu.org/mailman/listinfo/help-cfengine
>
> --
> Alan Sparks, Sr. UNIX Administrator asparks@quris.com
> Quris, Inc. (720) 836-2058
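
The behaviour described in the reply above (a recently seen host is refused until its entry is purged after more than two hours, unless it is listed in AllowMultipleConnectionsFrom) can be modelled as follows. This is an added example, not cfd's source and not code from the thread; admit, purge_old, on_allow_list, the table size and the fail-closed choice when the table is full are all assumptions.

```c
/* Simplified model of the repeated-connection check; all names hypothetical. */
#include <stdio.h>
#include <string.h>
#include <time.h>

#define PURGE_AGE (2 * 60 * 60) /* "more than two hours", per the message */
#define MAX_RECENT 64

struct recent_conn { char ip[46]; time_t seen; int used; };
static struct recent_conn recent[MAX_RECENT];

/* Drop entries older than PURGE_AGE so those hosts may connect again. */
static void purge_old(time_t now) {
    for (size_t i = 0; i < MAX_RECENT; i++)
        if (recent[i].used && now - recent[i].seen > PURGE_AGE)
            recent[i].used = 0;
}

/* Hosts on the allow list skip the repeated-connection check. */
static int on_allow_list(const char *ip, const char *const *allow, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(ip, allow[i]) == 0) return 1;
    return 0;
}

/* Returns 1 to accept the connection, 0 to deny it. */
int admit(const char *ip, time_t now, const char *const *allow, size_t n) {
    struct recent_conn *slot = NULL;
    if (strlen(ip) >= sizeof recent[0].ip) return 0; /* too long for an address */
    purge_old(now);
    if (on_allow_list(ip, allow, n)) return 1;
    for (size_t i = 0; i < MAX_RECENT; i++) {
        if (!recent[i].used) { if (!slot) slot = &recent[i]; }
        else if (strcmp(recent[i].ip, ip) == 0) return 0; /* repeat: deny */
    }
    if (!slot) return 0; /* table full: fail closed */
    strcpy(slot->ip, ip);
    slot->seen = now;
    slot->used = 1;
    return 1;
}

int main(void) {
    time_t t0 = 1000000; /* constructed timestamps */
    int first = admit("10.0.0.5", t0, NULL, 0);
    int repeat = admit("10.0.0.5", t0 + 60, NULL, 0);
    int later = admit("10.0.0.5", t0 + PURGE_AGE + 1, NULL, 0);
    printf("first=%d repeat=%d after-purge=%d\n", first, repeat, later);
    return 0;
}
```

In this model a client that is re-run a minute after its first connection is refused, which matches the "Denying repeated connection" line in the debug output, while a host on the allow list is never recorded and so is never refused.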