help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfd host auth error -- progress I think

From: Andrew Mayhew
Subject: Re: cfd host auth error -- progress I think
Date: Fri, 5 Jan 2001 10:16:11 -0800
User-agent: Mutt/1.2.5i 
Could you run your cfd like this: cfd -d 1 -f cfd.conf >cfd.log 2>cfd.log
and then rerun your client connection.  I have a slightly different
theory as to why your authentication is failing and it doesn't
actually have anything to do with the config file rereading.  What I
believe is really happening is that cfd is denying repeated
connections from the same host based on its "spamming" policy.  So,
after a connection is closed, PurgeOldConnections is called, and
unless it has been more than two hours your old connection lives in a
list of denied hosts.  If this is the case, you should see something
like the following coming out of cfd:
RecvSocketStream(4096)
Purging Old Connections...
Done purging
stool: Denying repeated connection from 10.0.0.233
Checking file updates on ./cfd.server-test (3a4ed98b/3a4eef3b)
Transmission empty...
cfd: terminating NULL transmission!
***Closing socket 5 from 127.0.0.1
Terminating thread...

This is just my theory and if I recall properly, the reason the hosts
are getting put in a deny list after connecting is because the
connection was closed uncleanly.  You can alter this behaviour with the
AllowMultipleConnectionsFrom = ( [IPLIST] ) in cfd's configuration.

--Andrew Mayhew <amayhew@logictier.com>

On Fri, Jan 05, 2001 at 09:38:48AM -0700, Alan Sparks wrote:
> Obviously I speak too soon.  This doesn't entirely eliminate the
> problem:
> 
> Jan  5 09:32:27 xx.xx.net cfd[28733]: Rereading config files
> /opt/cfengine/etc/cfd.conf..
> Jan  5 09:32:27 xx.xx.net cfd[28733]: Host authentication failed or
> access denied 
> 
> Back to the drawing board.
> -Alan
> 
> 
> Alan Sparks wrote:
> > 
> > I think I found a reason why I get rejections from cfd after a config
> > file reload (I'm still testing this).  It looks like a couple of lines
> > are missing in cfd.c starting around line 862 (in CheckFileChanges):
> > 
> >    DeleteItemList(VHEAP);
> >    DeleteItemList(VNEGHEAP);
> >    DeleteAuthList(VADMIT);
> >    DeleteAuthList(VDENY);                       <== ADDED
> >    strcpy(VDOMAIN,"undefined.domain");
> > 
> >    VADMIT = VADMITTOP = NULL;
> >    VDENY = VDENYTOP = NULL;                     <== ADDED
> >    VHEAP = VNEGHEAP = NULL;
> > 
> > I also removed the call to LoadSecretKeys() in this function, since it
> > is called by CheckVariables() (called right before it).
> > 
> > Only thing yet to find is why the following happens... Often after a
> > config file reread, the following log messages occur (and cfd exits):
> > 
> > Jan  2 08:58:46 denverops.quris.net cfd[24918]: Unable to create
> > Jan  2 08:58:46 denverops.quris.net cfd[24918]: creat: No such file or
> > directory
> > Jan  2 08:58:46 denverops.quris.net cfd[24918]: Unable to remove lock
> > /var/run/cfengine/lock.cfd_conf.denverops.cfd.exec
> > Jan  2 08:58:46 denverops.quris.net cfd[24918]: unlink
> > 
> > Notice the first message:  The CFLAST variable is empty.  I can't yet
> > understand how it gets emptied out.
> > 
> > -Alan
> > 
> > --
> > Alan Sparks, Sr. UNIX Administrator     asparks@quris.com
> > Quris, Inc.                             (720) 836-2058
> > 
> > _______________________________________________
> > Help-cfengine mailing list
> > Help-cfengine@gnu.org
> > http://mail.gnu.org/mailman/listinfo/help-cfengine
> 
> -- 
> Alan Sparks, Sr. UNIX Administrator   asparks@quris.com
> Quris, Inc.                           (720) 836-2058
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine
reply via email to
[Prev in Thread] Current Thread [Next in Thread]