help-cfengine
Re: Has Anyone Used Cfengine With Dynamic IP Addresses?


From: Mark . Burgess
Subject: Re: Has Anyone Used Cfengine With Dynamic IP Addresses?
Date: Wed, 1 Oct 2003 05:59:50 +0200 (MEST)

There is already a mechanism for dealing with dynamic address ranges
in cfservd that I believe is used successfully at Nokia. If there
is something wrong with that, why not send in a bug report rather than
hacking IP security?

M

On 30 Sep, Alec H. Peterson wrote:
> I modified cfservd to search all stored keys with a specific suffix and 
> attempt to match the key that the client presented.  You lose source IP 
> security, but the way I see it, it is far easier to spoof the IP than it is 
> to break the public key encryption (assuming the machine hasn't been 
> compromised, in which case all bets are off).
> 
> The tricky part is that you have to do the key exchange manually, but that 
> only happens once.  If there is general interest I'd be happy to share the 
> changes I made.
> 
> Alec
> 
> --On Tuesday, September 30, 2003 5:01 PM -0500 Chip Seraphine 
> <chip@trdlnk.com> wrote:
> 
>> Using cfservd in the normal manner may be more difficult with dynamic
>> addresses, but I don't see why cfagent would care (unless you told it to).
>>
>> Just kick off your cfagents via cron or ssh (or cfexecd?), and perhaps
>> do your file copies over NFS or via rsync shellcommands or something.
>> With a little creativity you can probably have a nicely-running cfengine
>> setup that generally ignores the cfengine-specific auth stuff.  It won't
>> be very boss, but it should basically work...
>>
>> Obviously, this puts the onus of security on you, however :-)
>>
>> Rasheda M Menzies wrote:
>>>
>>> In the book, _Automating Unix and Linux Administration_, it says that,
>>> "It is difficult, if not impossible, to use cfengine with dynamic
>>> IP addresses".  Has anyone actually had success with Red Hat clients, i.e.
>>> laptops, which go on/off network at any time and lose their IP
>>> addresses?  If so, please let me know how this
>>> is done in cfengine.
>>>
>>>
>>> Thanks,
>>> Rasheda
>>> ____________________________________________________
>>> Rasheda M. Menzies
>>> Software Engineer
>>> IBM Watson Research Center
>>> 1101 Kitchawan Road, Route 134
>>> Yorktown Heights, NY 10598
>>> Tel: 914-945-2401, Tie: 862-2401
>>> E-mail: rasheda@us.ibm.com
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Help-cfengine mailing list
>>> Help-cfengine@gnu.org
>>> http://mail.gnu.org/mailman/listinfo/help-cfengine



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
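
The trade-off debated in this thread, as an added example that is not part of any message here and is not cfservd code or Alec's patch: an address-bound key lookup next to a suffix-scan lookup that ignores the source IP. The file naming (`root-<ip>.pub`), the `.dyn.pub` suffix, the addresses and the key bytes are all constructed assumptions for illustration.

```python
import hmac
import tempfile
from pathlib import Path
from typing import Optional

DYN_SUFFIX = ".dyn.pub"  # hypothetical suffix for keys not tied to an address


def lookup_by_ip(keydir: Path, peer_ip: str, presented: bytes) -> Optional[str]:
    """Address-bound policy: the source IP selects the one key that may match."""
    path = keydir / f"root-{peer_ip}.pub"  # hypothetical naming scheme
    if path.is_file() and hmac.compare_digest(path.read_bytes(), presented):
        return path.name
    return None


def lookup_by_suffix(keydir: Path, presented: bytes) -> Optional[str]:
    """Suffix-scan policy: any stored key with the suffix may match, from any IP."""
    for path in sorted(keydir.glob(f"*{DYN_SUFFIX}")):
        # compare_digest avoids leaking how many leading bytes matched
        if hmac.compare_digest(path.read_bytes(), presented):
            return path.name
    return None


def demo() -> dict:
    laptop_key = b"constructed-public-key-laptop"    # constructed sample data
    unknown_key = b"constructed-public-key-unknown"  # constructed sample data
    with tempfile.TemporaryDirectory() as tmp:
        keydir = Path(tmp)
        (keydir / "root-192.0.2.10.pub").write_bytes(laptop_key)
        (keydir / f"laptop1{DYN_SUFFIX}").write_bytes(laptop_key)
        return {
            # Same key, same address: the address-bound lookup accepts it.
            "ip_same": lookup_by_ip(keydir, "192.0.2.10", laptop_key),
            # Same key after a DHCP change: the address-bound lookup rejects it.
            "ip_changed": lookup_by_ip(keydir, "192.0.2.77", laptop_key),
            # Suffix scan accepts the known key regardless of address.
            "suffix_changed": lookup_by_suffix(keydir, laptop_key),
            # A key that was never exchanged is rejected by the suffix scan.
            "suffix_unknown": lookup_by_suffix(keydir, unknown_key),
        }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

A match on the stored public key only selects an identity; the session must still prove possession of the corresponding private key, which this sketch does not cover.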




