Re: globally SkipVerify everything

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: globally SkipVerify everything

From:	Mark . Burgess
Subject:	Re: globally SkipVerify everything
Date:	Sat, 4 Oct 2003 23:45:50 +0200 (MEST)

If you already have exchanged keys, then upgrading to 2.1.0b3
will cure this. once keys have been trusted, there is no need
for reverse lookup.

M

On  4 Oct, Kurt Lieber wrote:
> For various reasons, our servers do not always have reverse lookup records,
> which makes cfengine unhappy.  I can work around this using SkipVerify, but
> it's somewhat of a pain to have to list every server in that one section.
> 
> Is there some global way to tell cfengine not to use reverse DNS?  I
> realize and accept the security risk associated with it.  I simply have no
> choice -- I need to rely solely on public/private keys for host
> authentication.
> 
> I tried:
> 
> SkipVerify = ( * )
> 
> but that didn't work.  That's the type of functionality I'm looking for,
> however.  I also tried using a group name, but that didn't seem to work,
> either.
> 
> Any suggestions?
> 
> --kurt



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Prev in Thread]

Current Thread

[Next in Thread]

globally SkipVerify everything, Kurt Lieber, 2003/10/04
- Re: globally SkipVerify everything, Mark . Burgess <=

Prev by Date: globally SkipVerify everything
Next by Date: Question about Splaytime
Previous by thread: globally SkipVerify everything
Next by thread: Question about Splaytime
Index(es):
- Date
- Thread