help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: hung cfservd


From: Mark . Burgess
Subject: Re: hung cfservd
Date: Wed, 29 Jan 2003 20:56:41 +0100 (MET)

ok, this is something I haven't seen, but here's atip.
I have seen encryption failures between versions of cfengine
compiled with different versions of the OpenSSL library.
Something to check out....

M


On 29 Jan, Wipf, Stefan wrote:
> sorry I should know better:
> 
> version 2.0.5pre2
> 
> address@hidden wrote:
>> 
>> Version, version, version????
>> 
>> Upgrade, upgrade, upgrade...!!
>> 
>> :)
>> 
>> M
>> 
>> On 29 Jan, Wipf, Stefan wrote:
>> > We observed that when cfengine connects to cfservd to
>> > copy files using an old or incorrect public key for the
>> > cfservd server, cfservd freezes and all further cfengine
>> > processes connecting to this cfservd instance hang
>> > indefinitely even if they use the correct public key.
>> >
>> > has anybody come across this before?
>> >
>> > platform: solaris 2.6
>> >
>> > cfservd.conf:
>> >   control:
>> >        domain                = ( htc.com )
>> >        AllowConnectionsFrom  = ( 139.172.0.0/16 )
>> >        AllowUsers            = ( root )
>> >
>> >   admit:
>> >       /some_directory   *.htc.com
>> >
>> > output from cfagent (on macbeth) using an old public key:
>> >  BAD: Host authentication failed. Did you forget the domain name?
>> >  Authentication dialogue with neutron.htc.com failed
>> >  Unable to establish connection with neutron.htc.com
>> >
>> > from cfservd --debug:
>> >  ...
>> >  Canonical name matched host's assertion - id confirmed as
>> > macbeth.htc.com
>> >  Checking address number 0 for non-canonical names (aliases)
>> >  Reverse lookup succeeded
>> >  Host ID is macbeth.htc.com
>> >  User ID seems to be root
>> >  RecvSocketStream(8)
>> >     (Concatenated 8 from stream)
>> >  Transaction Receive [t 280][]
>> >  RecvSocketStream(280)
>> >     (Concatenated 280 from stream)
>> >  Received: [SAUTH y 256 37] on socket 6
>> >  Challenge encryption = y, nonce = 37, buf = 256
>> >  neutron.htc.com: Private decrypt failed = block type is not 02
>> >  neutron.htc.com: Host authorization/authentication failed or access
>> > denied
>> >  Transaction Send[t 64][Packed text]
>> >  SendSocketStream, sent 72
>> >  neutron.htc.com: From (host=macbeth.htc.com,user=root,ip=139.172.44.10)
>> >  Terminating thread...
>> >  ***Closing socket 6 from 139.172.44.10
>> >  Deleted item 139.172.44.10
>> > # here comes the next client
>> >  IPV4 address
>> >  sockaddr_ntop(139.172.44.3)
>> >  Obtained IP address of 139.172.44.3 on socket 6 from accept
>> >  FuzzyItemIn(139.172.44.3)
>> >  Purging Old Connections...
>> >  Done purging
>> >  FuzzyItemIn(139.172.44.3)
>> >  Prepending 139.172.44.3
>> > # never to return again
>> >
>> >
>> >
>> 
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Work: +47 22453272            Email:  address@hidden
>> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  address@hidden
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






reply via email to

[Prev in Thread] Current Thread [Next in Thread]