help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Again CFRUN auth probs


From: Daniel Riek
Subject: Again CFRUN auth probs
Date: Thu, 21 Feb 2002 10:20:34 +0100
User-agent: Mutt/1.3.25i

Hi,

I have cfengine 2.0.b2 up and running so far for the client side. This 
means, that running cfagent on my hosts produces the expected results with
public key authentication and encryption (I had no time to do my extensive
copying test yet with encryption, but the encrypted transfer of sensitive
data and the unencrypted sw-distribution works very well :-). But I have
the problem, that cfrun produces the following error message:

Unable to open cfrun.hosts

Same with -f.

Doing a strace show the following:
open("^A/etc/cfengine/cfrun.hosts", O_RDONLY) = -1 ENOENT (No such file or 
directory)

So the "^A" seems to be the problem. - I did not find out that fast, where it
gets in - no obvious source (could it be my environment?). But when I modify
the fopen in cfrun.c to a hard coded file-name it runs but I get the following:

cfrun(0):         .......... [ Hailing www1.mydomain ] ..........
 Host authentication failed. Did you forget the domain 
name?cfrun:struct1.mydomain: Couldn't recv
 cfrun:struct1.mydomain: recv: Connection reset by peer

I am on the server struct1.mydomain and my cfrun.hosts looks like this:

#
domain=mydomain
#
access=root,riek
#
www1.mydomain
#

My cfservd.conf looks like this:

control:

domain = ( mydomain )

any::

 ChecksumDatabase = ( /tmp/testDATABASEcache )
 IfElapsed = ( 1 )
 MaxConnections = ( 10 )

 AllowConnectionsFrom = ( 192.168.13.20 192.168.13.21 192.168.13.41 )

 TrustKeysFrom = ( 192.168.13.20 192.168.13.21 192.168.13.41 )

 AllowUsers = ( root )

#########################################################

 admit:   # or grant:
     any::
        /usr/sbin/cfagent    *.mydomain
        /etc/cfengine        *.mydomain
        /var/lib/cfengine    *.mydomain
        /var/cfengine        *.mydomain


struct1 is 192.168.13.21
www1 is 192.168.13.41

Important to say could be, that struct1 has a virtual interface 
with 192.168.13.20 an the name struct.mydomain - this will be
handled by heartbeat in a failover config...

And really: running cfagent on www1 works fine with pubkeys, etc.

Any ideas? - Am I blind to see the reason or is there a problem????


Regards,

Daniel
-- 
Daniel Riek <address@hidden>   -    http://www.alcove.com/de/
* Technical Manager                -    Tel.:   +49 (0)22 28 / 9 33-2 50
* ALCOVE Deutschland GmbH          -    Fax:    +49 (0)22 28 / 9 33-2 55
* Liberating Software              -    Mobil:  +49 (0)1 71 / 2 80 08 79

Attachment: pgp0res63Y0XS.pgp
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]