[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: hung cfservd
|
From: |
Mark . Burgess |
|
Subject: |
Re: hung cfservd |
|
Date: |
Wed, 29 Jan 2003 20:56:41 +0100 (MET) |
ok, this is something I haven't seen, but here's atip.
I have seen encryption failures between versions of cfengine
compiled with different versions of the OpenSSL library.
Something to check out....
M
On 29 Jan, Wipf, Stefan wrote:
> sorry I should know better:
>
> version 2.0.5pre2
>
> Mark.Burgess@iu.hio.no wrote:
>>
>> Version, version, version????
>>
>> Upgrade, upgrade, upgrade...!!
>>
>> :)
>>
>> M
>>
>> On 29 Jan, Wipf, Stefan wrote:
>> > We observed that when cfengine connects to cfservd to
>> > copy files using an old or incorrect public key for the
>> > cfservd server, cfservd freezes and all further cfengine
>> > processes connecting to this cfservd instance hang
>> > indefinitely even if they use the correct public key.
>> >
>> > has anybody come across this before?
>> >
>> > platform: solaris 2.6
>> >
>> > cfservd.conf:
>> > control:
>> > domain = ( htc.com )
>> > AllowConnectionsFrom = ( 139.172.0.0/16 )
>> > AllowUsers = ( root )
>> >
>> > admit:
>> > /some_directory *.htc.com
>> >
>> > output from cfagent (on macbeth) using an old public key:
>> > BAD: Host authentication failed. Did you forget the domain name?
>> > Authentication dialogue with neutron.htc.com failed
>> > Unable to establish connection with neutron.htc.com
>> >
>> > from cfservd --debug:
>> > ...
>> > Canonical name matched host's assertion - id confirmed as
>> > macbeth.htc.com
>> > Checking address number 0 for non-canonical names (aliases)
>> > Reverse lookup succeeded
>> > Host ID is macbeth.htc.com
>> > User ID seems to be root
>> > RecvSocketStream(8)
>> > (Concatenated 8 from stream)
>> > Transaction Receive [t 280][]
>> > RecvSocketStream(280)
>> > (Concatenated 280 from stream)
>> > Received: [SAUTH y 256 37] on socket 6
>> > Challenge encryption = y, nonce = 37, buf = 256
>> > neutron.htc.com: Private decrypt failed = block type is not 02
>> > neutron.htc.com: Host authorization/authentication failed or access
>> > denied
>> > Transaction Send[t 64][Packed text]
>> > SendSocketStream, sent 72
>> > neutron.htc.com: From (host=macbeth.htc.com,user=root,ip=139.172.44.10)
>> > Terminating thread...
>> > ***Closing socket 6 from 139.172.44.10
>> > Deleted item 139.172.44.10
>> > # here comes the next client
>> > IPV4 address
>> > sockaddr_ntop(139.172.44.3)
>> > Obtained IP address of 139.172.44.3 on socket 6 from accept
>> > FuzzyItemIn(139.172.44.3)
>> > Purging Old Connections...
>> > Done purging
>> > FuzzyItemIn(139.172.44.3)
>> > Prepending 139.172.44.3
>> > # never to return again
>> >
>> >
>> >
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
>> Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- hung cfservd, Wipf, Stefan, 2003/01/29
- Re: hung cfservd, Mark . Burgess, 2003/01/29
- Re: hung cfservd, Wipf, Stefan, 2003/01/29
- Re: hung cfservd,
Mark . Burgess <=
- Re: hung cfservd, Wipf, Stefan, 2003/01/29
- Re: hung cfservd, Mark . Burgess, 2003/01/29
- Re: hung cfservd, Wipf, Stefan, 2003/01/29
- Re: hung cfservd, Mark . Burgess, 2003/01/29
- Re: hung cfservd, Wipf, Stefan, 2003/01/29
- Re: hung cfservd, Mark Burgess, 2003/01/30
Re: hung cfservd, Brian E. Seppanen, 2003/01/29