Re: several questions on running cfengine
From: Eva Hocks
Subject: Re: several questions on running cfengine
Date: Mon, 10 Mar 2003 15:58:14 -0800 (PST)
> > public = ( /usr/local/ )
> > almost_public = ( /usr/local/apps )
> > cfrunCommand = ( /usr/local/apps/sbin/cfagent )
> > MultipleConnections = ( true )
> > MaxConnections = ( 10 )
> > master_configs = ( /usr/local/apps/cfengine/inputs/cfagent.conf )
> > AllowUsers = ( root hocks ) # This is always required.
> > AllowConnectionsFrom = ( 192.168.0 192.168.240.1-254 )
> > DenyBadClocks = ( false )
> > TrustKeysFrom = ( 192.168.240.254 192.168.240.0/24 )
>
> This smacks of cargo cult configuration to me. Your
> MultipleConnections line is bogus -- maybe you want
> AllowMultipleConnectionsFrom = ( a.b.c.d/e ) or somesuch. I don't
> know what you're doing with 'public', 'almost_public' or
> 'master_configs' -- maybe you use them elsewhere though. And your
> TrustKeysFrom contains a redundant first entry.
Well, I grabbed whatever I could find in the samples hoping to catch the
correct keyword.
My cfservd seems to grant to the following:
ACCESS GRANTED ----------------------:
Path: /var/cfengine/inputs (encrypt=0)
Admit: * root=
Path: /usr/local/apps/cfengine/inputs (encrypt=0)
Admit: * root=
Path: /usr/local (encrypt=0)
Admit: * root=
Path: /etc (encrypt=0)
Admit: * root=
Path: /usr/local/apps/sbin/cfagent (encrypt=0)
Admit: 192.168.240.* root=
Admit: tf*sdsc.edu root=
ACCESS DENIAL ------------------------ :
Path: /usr/local
Deny: *.com
Path: /etc
Deny: *.com
Host IPs allowed connection access :
IP: 132.249.20
IP: 192.168.240
Host IPs denied connection access :
Host IPs allowed multiple connection access :
Host IPs from whom we shall accept public keys on trust :
IP: 132.249.20
IP: 192.168.240
Host IPs from NAT which we don't verify :
The client still receives the same error:
Loaded /var/cfengine/ppkeys/root-192.168.240.254.pub
cfengine:b80n11: Strong authentication of server=192.168.240.254
connection confirmed
Checking copy from 192.168.240.254:/usr/local/apps/cfengine/inputs to
/var/cfengine/inputs
cfengine:b80n11: Server returned error: Host authentication failed. Did
you forget the domain name?
The only way I found to make the copy work is to use an NFS filesystem
from the server mounted on the client and do a local copy.
Checking copy from localhost:/usr/local/apps/cfengine/inputs to
/var/cfengine/inputs
cfengine:b80n11: /var/cfengine/inputs/cf.B80 wasn't at destination
(copying)
Any other ideas?
Thanks,
Eva
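
Added example (not part of the original message and not cfengine's own code): a small Python audit of the cfservd access summary quoted above, flagging paths admitted to any host and paths where encryption is not required. It assumes that `Admit: *` matches every host and that `encrypt=0` means transfers are not forced to be encrypted; the function names are hypothetical.

```python
import re

# Excerpt copied from the cfservd dump in the message above.
SAMPLE = """\
ACCESS GRANTED ----------------------:
Path: /usr/local/apps/cfengine/inputs (encrypt=0)
Admit: * root=
Path: /etc (encrypt=0)
Admit: * root=
Path: /usr/local/apps/sbin/cfagent (encrypt=0)
Admit: 192.168.240.* root=
Admit: tf*sdsc.edu root=
ACCESS DENIAL ------------------------ :
Path: /etc
Deny: *.com
"""

PATH_RE = re.compile(r"^Path:\s+(\S+)(?:\s+\(encrypt=(\d)\))?")

def parse_dump(text):
    """Return {path: {"encrypt": bool|None, "admit": [...], "deny": [...]}}."""
    rules, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = PATH_RE.match(line)
        if m:
            current = rules.setdefault(
                m.group(1), {"encrypt": None, "admit": [], "deny": []})
            if m.group(2) is not None:
                current["encrypt"] = m.group(2) == "1"
        elif current is not None and line.startswith(("Admit:", "Deny:")):
            kind, pattern = line.split(":", 1)
            # Keep only the host pattern; drop the trailing "root=" field.
            current[kind.lower()].append(pattern.split()[0])
    return rules

def audit(rules):
    """Return (path, finding) pairs for grants a reviewer would question."""
    findings = []
    for path, r in sorted(rules.items()):
        if "*" in r["admit"]:
            findings.append((path, "admitted to any host (*)"))
        if r["admit"] and r["encrypt"] is False:
            findings.append((path, "encryption not required"))
    return findings

if __name__ == "__main__":
    for path, finding in audit(parse_dump(SAMPLE)):
        print(f"{path}: {finding}")
```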