help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Again CFRUN auth probs


From: Daniel Riek
Subject: Re: Again CFRUN auth probs
Date: Mon, 25 Feb 2002 11:56:37 +0100
User-agent: Mutt/1.3.25i

Hi Mark,

I did a unset CFINPUTS befor testing... Now I added the line
bzero(filename,bufsize);
in void ReadCfrunConf() after the variable declarations and now I
do noat get the error anymore...

Still I have the authentication problem. - Do you (or anybody else here)
have any hint for me? - I am really quite sure, that I configured the
Trustkey-stuff correctly, as the cfagent work very well on the individual
machines...

Regards,

Daniel

On Thu, Feb 21, 2002 at 10:30:51AM +0100, address@hidden wrote:
> 
> Very strange! My guess would be whereever you defined CFINPUTS
> to look in /etc/cfengine ...
> 
> M
> 
> 
> On 21 Feb, Daniel Riek wrote:
> > Hi,
> > 
> > I have cfengine 2.0.b2 up and running so far for the client side. This 
> > means, that running cfagent on my hosts produces the expected results with
> > public key authentication and encryption (I had no time to do my extensive
> > copying test yet with encryption, but the encrypted transfer of sensitive
> > data and the unencrypted sw-distribution works very well :-). But I have
> > the problem, that cfrun produces the following error message:
> > 
> > Unable to open cfrun.hosts
> > 
> > Same with -f.
> > 
> > Doing a strace show the following:
> > open("^A/etc/cfengine/cfrun.hosts", O_RDONLY) = -1 ENOENT (No such file or 
> > directory)
> > 
> > So the "^A" seems to be the problem. - I did not find out that fast, where 
> > it
> > gets in - no obvious source (could it be my environment?). But when I modify
> > the fopen in cfrun.c to a hard coded file-name it runs but I get the 
> > following:
> > 
> > cfrun(0):         .......... [ Hailing www1.mydomain ] ..........
> >  Host authentication failed. Did you forget the domain 
> > name?cfrun:struct1.mydomain: Couldn't recv
> >  cfrun:struct1.mydomain: recv: Connection reset by peer
> > 
> > I am on the server struct1.mydomain and my cfrun.hosts looks like this:
> > 
> > #
> > domain=mydomain
> > #
> > access=root,riek
> > #
> > www1.mydomain
> > #
> > 
> > My cfservd.conf looks like this:
> > 
> > control:
> > 
> > domain = ( mydomain )
> > 
> > any::
> > 
> >  ChecksumDatabase = ( /tmp/testDATABASEcache )
> >  IfElapsed = ( 1 )
> >  MaxConnections = ( 10 )
> > 
> >  AllowConnectionsFrom = ( 192.168.13.20 192.168.13.21 192.168.13.41 )
> > 
> >  TrustKeysFrom = ( 192.168.13.20 192.168.13.21 192.168.13.41 )
> > 
> >  AllowUsers = ( root )
> > 
> > #########################################################
> > 
> >  admit:   # or grant:
> >      any::
> >     /usr/sbin/cfagent    *.mydomain
> >     /etc/cfengine        *.mydomain
> >     /var/lib/cfengine    *.mydomain
> >     /var/cfengine        *.mydomain
> > 
> > 
> > struct1 is 192.168.13.21
> > www1 is 192.168.13.41
> > 
> > Important to say could be, that struct1 has a virtual interface     
> > with 192.168.13.20 an the name struct.mydomain - this will be
> > handled by heartbeat in a failover config...
> > 
> > And really: running cfagent on www1 works fine with pubkeys, etc.
> > 
> > Any ideas? - Am I blind to see the reason or is there a problem????
> > 
> > 
> > Regards,
> > 
> > Daniel
> 
> 
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Work: +47 22453272            Email:  address@hidden
> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/help-cfengine
> 

-- 
Daniel Riek <address@hidden>   -    http://www.alcove.com/de/
* Technical Manager                -    Tel.:   +49 (0)22 28 / 9 33-2 50
* ALCOVE Deutschland GmbH          -    Fax:    +49 (0)22 28 / 9 33-2 55
* Liberating Software              -    Mobil:  +49 (0)1 71 / 2 80 08 79

Attachment: pgpJHk0rFHvpJ.pgp
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]