help-cfengine

Re: No authentication?


From: Juha Ylitalo
Subject: Re: No authentication?
Date: 10 Jul 2003 10:27:20 +0300

On Thu, 2003-07-10 at 03:27, ext Christopher DeMarco wrote:
> On Wed, Jul 09, 2003 at 10:11:53AM -0600, Allen Bettilyon wrote:
> > You 'could' just write a script that deletes all the keys from your
> > server every so often.  And then turn trustkeys on.
> 
> That's what I'm currently doing, but it doesn't seem like the "right"
> thing to do... I was hoping there was a secret undocumented switch or
> the like...

One thing that you could try is to define all relevant IP address ranges
in TrustKeysFrom and DynamicAddresses
(cfengine-Reference.html#DynamicAddresses). That would tell cfengine
that even though it already has a key for IP address 1.2.3.4, it should
trust others who might also be using IP address 1.2.3.4. This is what we
use in the lab, where we occasionally JumpStart Solaris machines, which are
used in QA.
This is only a partial solution in the sense that it doesn't turn
authentication off and you still should occasionally clean old keys
away, but it should make life a little bit easier with cfengine.

-- 
Juha Ylitalo       juha.o.ylitalo@nokia.com           <work e-mail>
+358 40 562 6152   http://linux.nokia.com/~jylitalo/  <work www>
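
Added example, not part of the original message or of cfengine itself: a sketch of the periodic key clean-up mentioned in the thread, limited to the re-installed range so that keys of long-lived hosts and the server's own key pair are left alone. The key directory layout (`root-<ip>.pub` files, typically under `/var/cfengine/ppkeys`) and the function name `prune_keys` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: peer keys are stored
# as root-<ip>.pub in the key directory; localhost.* is the host's own pair.

# prune_keys DIR PREFIX DAYS [dry]
#   DIR     key directory (e.g. /var/cfengine/ppkeys, assumed default)
#   PREFIX  dotted IPv4 prefix ending in ".", e.g. "10.0.5." (the same
#           range that is listed in TrustKeysFrom and DynamicAddresses)
#   DAYS    remove key files older than this many days (by mtime)
#   dry     if the 4th argument is "dry", only list what would be removed
# Prints one affected path per line; returns 2 on bad arguments.
prune_keys() {
    dir=$1 prefix=$2 days=$3 mode=${4:-delete}

    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    # Require a trailing dot so "10.0.5" cannot also match 10.0.50.x.
    case $prefix in
        *[!0-9.]*|""|.*) echo "bad prefix: $prefix" >&2; return 2 ;;
        *.) ;;
        *) echo "prefix must end in '.': $prefix" >&2; return 2 ;;
    esac
    case $days in
        ""|*[!0-9]*) echo "bad day count: $days" >&2; return 2 ;;
    esac

    # Only root-<prefix>*.pub matches, so localhost.pub / localhost.priv and
    # keys of hosts outside the range are never touched.
    if [ "$mode" = dry ]; then
        find "$dir" -type f -name "root-${prefix}*.pub" -mtime +"$days" -print
    else
        find "$dir" -type f -name "root-${prefix}*.pub" -mtime +"$days" \
            -print -exec rm -f {} \;
    fi
}
```

Running it with `dry` first and logging the printed paths gives a record of which host keys were dropped and will be re-trusted on next contact.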
