Re: No authentication?

From: Chip Seraphine
Subject: Re: No authentication?
Date: Thu, 10 Jul 2003 08:00:58 -0500
User-agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.2.1) Gecko/20030121

Be warned though-- I've had the Trust stuff fail at times for no reason that I could tell. The result is generally cfrun spewing a few billion lines of key exchange prompt until I kill the process :-) Always works fine when I run it the second time, though.

Juha Ylitalo wrote:
On Thu, 2003-07-10 at 03:27, ext Christopher DeMarco wrote:

On Wed, Jul 09, 2003 at 10:11:53AM -0600, Allen Bettilyon wrote:

You 'could' just write a script that deletes all the keys from your
server every so often. And then turn trustkeys on.

That's what I'm currently doing, but it doesn't seem like the "right"
thing to do... I was hoping there was a secret undocumented switch or
the like...

One thing that you could try is to define all relevant IP address ranges
in TrustKeysFrom and DynamicAddresses
(cfengine-Reference.html#DynamicAddresses). That would tell cfengine
that even though it already has a key for an IP address, it should
trust others who might also be using that IP address. This is what we
use in the lab, where we occasionally JumpStart Solaris machines, which are
used in QA.
This is only a partial solution in the sense that it doesn't turn
authentication off and you still should occasionally clean old keys
away, but it should make life a little bit easier with cfengine.
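
Added example, not part of the thread: a narrower version of the key clean-up script discussed above, which removes only old keys inside one address range instead of deleting every key on the server. It assumes cfengine 2 stores peer public keys as <user>-<ip>.pub files in a ppkeys directory; the function name, the 10.10.20. lab prefix and the 30-day cutoff are constructed for illustration.

```shell
#!/bin/sh
# prune_stale_keys DIR PREFIX DAYS
#   DIR    key directory (assumed layout: <user>-<ip>.pub, e.g. root-10.10.20.5.pub)
#   PREFIX dotted IPv4 prefix ending in a dot, e.g. "10.10.20." (constructed value)
#   DAYS   remove keys whose file mtime is more than DAYS days old
# Prints the path of every key it removes. Keys outside PREFIX are never touched,
# so statically addressed hosts keep their pinned keys.
prune_stale_keys() {
    dir=$1 prefix=$2 days=$3

    [ -d "$dir" ] || { echo "no such key directory: $dir" >&2; return 2; }

    # Digits and dots only, so the prefix cannot inject glob characters.
    case $prefix in
        ''|*[!0-9.]*) echo "prefix must be dotted digits" >&2; return 2 ;;
    esac
    # The trailing dot keeps 10.10.20. from also matching 10.10.200.x.
    case $prefix in
        *.) ;;
        *) echo "prefix must end with a dot" >&2; return 2 ;;
    esac
    case $days in
        ''|*[!0-9]*) echo "days must be a whole number" >&2; return 2 ;;
    esac

    # mtime is when the key file was stored, not when the host was last seen.
    find "$dir" -maxdepth 1 -type f -name "*-${prefix}*.pub" \
        -mtime "+$days" -print -exec rm -f {} \;
}

# Typical cron usage (path is an assumption about the local install):
#   prune_stale_keys /var/cfengine/ppkeys 10.10.20. 30
```

Hosts in the pruned range are trusted again on next contact only if that range is also listed in TrustKeysFrom, so keep the two ranges identical and as small as the lab allows.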

