help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fuzzy Matching and IP Ranges in TrustKeysFrom

From: Mark . Burgess
Subject: Re: Fuzzy Matching and IP Ranges in TrustKeysFrom
Date: Thu, 20 Feb 2003 19:18:12 +0100 (MET) 
Upgrade to 2.0.5 and try it again.
M

On 20 Feb, Dave Owen wrote:
> I'm using 2.0.b4. I want to set TrustKeysFrom in cfsercd.conf to allow
> any new client on a large subnet be trusted when it supplies its
> public key to the server.
> 
> This works fine when I use individual IP addresses. However, if I use
> ranges, either like this
> 
> nnn.nnn.nnn.nnn/16
> 
> or like this
> 
> nnn.nnn.1-254.1-254
> 
> then the key is not accepted. Turning up debug shows the client IP
> address being passed to IsFuzzyItemIn() and being matched against a
> list of IP addresses. However, I've looked at the code for where the
> IP list is stored and the comparison routine, and I can't find the
> part that should be either expanding the address range into a list of
> addresses or matching the client against a representation of the
> range.
> 
> Has this ever worked? I've seen people recommend using subnet ranges,
> but has anyone actually got it to work? Any insight warmly welcomed.
> 
> Regards,
> 
> Dave.
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
reply via email to
[Prev in Thread] Current Thread [Next in Thread]