Re: cfrun and cfservd

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfrun and cfservd

From:	Mohamed Eldesoky
Subject:	Re: cfrun and cfservd
Date:	Sun, 16 May 2004 17:18:06 +0300
User-agent:	KMail/1.6.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Look to the very bottom of this email.
It has my cfservd.conf pasted, and it has that specific directive.

!!


On Sunday 16 May 2004 5:10 pm, Mark.Burgess@iu.hio.no wrote:
> Ahh - seems you should add root as a trusted user.
>
> e.g. in cfservd.conf
>
>   AllowUsers = ( mark sigmunds root )
>
> M
>
> On 16 May, Mohamed Eldesoky wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > I sent it in my last email, here it is again
> >
> >  and this strange error on the client
> >  "Received: [EXEC root ] on socket 5
> >  User root is not allowed on this server
> >  cfservd: Host authorization/authentication failed or access denied
> >
> >
> > Regards
> >
> > On Sunday 16 May 2004 4:35 pm, Mark.Burgess@iu.hio.no wrote:
> >> Well that's not a very good security principle. I recommend
> >> using -d2 to see the real reason for the denial.
> >>
> >> M
> >>
> >> On 16 May, Mohamed Eldesoky wrote:
> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> > Hash: SHA1
> >> >
> >> > It gave the same exact result.
> >> > Plus, if you think that options is needed even if one client only
> >> > talks with one server, then it should be enabled by default (even
> >> > forced enabled)
> >> >
> >> > Regards
> >> > Mohamed Eldesoky
> >> >
> >> > On Sunday 16 May 2004 3:57 pm, Mark.Burgess@iu.hio.no wrote:
> >> >> But the same client might need to open multiple connections...?
> >> >>
> >> >> On 16 May, Mohamed Eldesoky wrote:
> >> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> >> > Hash: SHA1
> >> >> >
> >> >> > I am only testing now with one to  one connections.
> >> >> > ie, one server from one client
> >> >> >
> >> >> > Regards
> >> >> >
> >> >> > On Sunday 16 May 2004 1:46 pm, Mark.Burgess@iu.hio.no wrote:
> >> >> >> I would try AllowMultipleConnectionsFrom since you will be
> >> >> >> connecting with several streams.
> >> >> >>
> >> >> >> M
> >> >> >>
> >> >> >> On 16 May, Mohamed Eldesoky wrote:
> >> >> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> >> >> > Hash: SHA1
> >> >> >> >
> >> >> >> > Hi all,
> >> >> >> >
> >> >> >> > I have just got cfengine working with me.
> >> >> >> > The only trouble is with cfrun.
> >> >> >> >
> >> >> >> > keys are exchanged properly (and cfagent works fine), and
> >> >> >> > cfservd is running. Only it doesn't allow access.
> >> >> >> > It always shows the famous
> >> >> >> > "Host authentication failed. Did you forget the domain name or
> >> >> >> > IP/DNS address registration (for ipv4 or ipv6)"   to the server
> >> >> >> >
> >> >> >> > and this strange error on the client
> >> >> >> > "Received: [EXEC root ] on socket 5
> >> >> >> > User root is not allowed on this server
> >> >> >> > cfservd: Host authorization/authentication failed or access
> >> >> >> > denied Transaction Send[t 114][Packed text]
> >> >> >> > Attempting to send 122 bytes
> >> >> >> > SendSocketStream, sent 122
> >> >> >> > "
> >> >> >> >
> >> >> >> >
> >> >> >> > I will post my conf files for cfservd.conf and cfrun.conf
> >> >> >> >
> >> >> >> > cfservd.conf:
> >> >> >> > ############### On both server and client ################
> >> >> >> > control:
> >> >> >> >
> >> >> >> >         domain = ( domain.com )
> >> >> >> >         cfrunCommand = ( "/usr/local/sbin/cfagent" )
> >> >> >> >         Access = ( root )
> >> >> >> >         AllowConnectionsFrom = ( xxx.xxx.xxx.xxx )  ## An IP
> >> >> >> > range TrustKeysFrom = ( xxx.xxx.xxx.xxx )  ## An IP range
> >> >> >> > AllowUser = ( root )
> >> >> >> >         SkipVerify = ( xxx.xxx.xxx.xxx )  ## this is an IP range
> >> >> >> > grant:
> >> >> >> >
> >> >> >> >         # Grant access to all hosts at example.org.
> >> >> >> >         # Files should be world readable
> >> >> >> >
> >> >> >> >         /var/cfengine/inputs/       *
> >> >> >> >         /usr/local/sbin/           *
> >> >> >> >         /opt/                      *
> >> >> >> >
> >> >> >> > cfrun.hosts:
> >> >> >> >
> >> >> >> > domain=domain.com
> >> >> >> > access=root
> >> >> >> > xxx.xxx.xxx.xxx root
> >> >> >> > -----BEGIN PGP SIGNATURE-----
> >> >> >> > Version: GnuPG v1.2.3 (GNU/Linux)
> >> >> >> >
> >> >> >> > iD8DBQFApzeF2FHsOWMJBKMRAk5lAKCHanYZfjdB30BPoeiigFKpTyJw4QCfUkA+
> >> >> >> > L9+zh4p0v1F61FFChxuELfc=
> >> >> >> > =j/2z
> >> >> >> > -----END PGP SIGNATURE-----
> >> >> >> >
> >> >> >> >
> >> >> >> > _______________________________________________
> >> >> >> > Help-cfengine mailing list
> >> >> >> > Help-cfengine@gnu.org
> >> >> >> > http://mail.gnu.org/mailman/listinfo/help-cfengine
> >> >> >>
> >> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >> >>~~~ ~ Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
> >> >> >> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> >> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >> >>~~~ ~
> >> >> >
> >> >> > -----BEGIN PGP SIGNATURE-----
> >> >> > Version: GnuPG v1.2.3 (GNU/Linux)
> >> >> >
> >> >> > iD8DBQFAp0qN2FHsOWMJBKMRAiZvAKDxfBYcDY4qqH5WEYAHsfmQnmnO+QCfWoCf
> >> >> > spP7Geyd8P8rYEaJb6q3n94=
> >> >> > =dFG3
> >> >> > -----END PGP SIGNATURE-----
> >> >> >
> >> >> >
> >> >> > _______________________________________________
> >> >> > Help-cfengine mailing list
> >> >> > Help-cfengine@gnu.org
> >> >> > http://mail.gnu.org/mailman/listinfo/help-cfengine
> >> >>
> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >>~ Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no Fax :
> >> >> +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >>~
> >> >
> >> > -----BEGIN PGP SIGNATURE-----
> >> > Version: GnuPG v1.2.3 (GNU/Linux)
> >> >
> >> > iD8DBQFAp2Xb2FHsOWMJBKMRAiqUAJ4n32OdD9Gu6wVsmuQmqJTZufB31gCcDATu
> >> > grWddsNy6QwC27C8QbpfkCA=
> >> > =jomp
> >> > -----END PGP SIGNATURE-----
> >>
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
> >> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.3 (GNU/Linux)
> >
> > iD8DBQFAp3Dw2FHsOWMJBKMRAqmIAJ9WnnsNC7JzXjXuIx8VH97VyA74NQCePPtL
> > o9J4OE9J09fHxY3Iq9hZMRE=
> > =DgDS
> > -----END PGP SIGNATURE-----
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAp3gg2FHsOWMJBKMRAshnAJ9+VpTkDyqyaQFpXri5XGUBQSy3BgCgql9a
4Q0BzknBjAKgEu4oUCeR9Ww=
=vPmL
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

cfrun and cfservd, Mohamed Eldesoky, 2004/05/16
- Re: cfrun and cfservd, Mohamed Eldesoky, 2004/05/16
- Re: cfrun and cfservd, Mark . Burgess, 2004/05/16
  - Re: cfrun and cfservd, Mohamed Eldesoky, 2004/05/16
- Re: cfrun and cfservd, Mohamed Eldesoky, 2004/05/16
- Re: cfrun and cfservd, Mohamed Eldesoky, 2004/05/16
- Re: cfrun and cfservd, Mohamed Eldesoky <=
  - Re: cfrun and cfservd, Mark . Burgess, 2004/05/16
    - Re: cfrun and cfservd, Mohamed Eldesoky, 2004/05/17

Prev by Date: Re: cfrun and cfservd
Next by Date: Re: cfrun and cfservd
Previous by thread: Re: cfrun and cfservd
Next by thread: Re: cfrun and cfservd
Index(es):
- Date
- Thread