[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: HELP PLEASE: key distribution using CFengine
From: |
Chris Edillon |
Subject: |
Re: HELP PLEASE: key distribution using CFengine |
Date: |
Mon, 15 Mar 2004 10:36:15 -0400 (GMT+4) |
On Mon, 15 Mar 2004, Pau Capdevila/Upcnet wrote:
> Initially I had the same problem. Googling around you could have found
> that:
>
> TrustKeysFrom in cfservd.conf
> and
> trustkey=true in update.conf and cfagent.conf
>
> are the key...(silly joke?)
>
> I know this may break security...Has anyone a better approach?
if you load your machines with kickstart/ris/jumpstart or some
other automated approach, why not copy the policy host key(s) into
place before deploying the machine? if you define a new policy
host, you can have cfagent copy the new key from the current policy
host before the new one goes operational.
chris