[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: globally SkipVerify everything
From: |
Mark . Burgess |
Subject: |
Re: globally SkipVerify everything |
Date: |
Sat, 4 Oct 2003 23:45:50 +0200 (MEST) |
If you already have exchanged keys, then upgrading to 2.1.0b3
will cure this. once keys have been trusted, there is no need
for reverse lookup.
M
On 4 Oct, Kurt Lieber wrote:
> For various reasons, our servers do not always have reverse lookup records,
> which makes cfengine unhappy. I can work around this using SkipVerify, but
> it's somewhat of a pain to have to list every server in that one section.
>
> Is there some global way to tell cfengine not to use reverse DNS? I
> realize and accept the security risk associated with it. I simply have no
> choice -- I need to rely solely on public/private keys for host
> authentication.
>
> I tried:
>
> SkipVerify = ( * )
>
> but that didn't work. That's the type of functionality I'm looking for,
> however. I also tried using a group name, but that didn't seem to work,
> either.
>
> Any suggestions?
>
> --kurt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~