help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfrun and cfservd


From: Mohamed Eldesoky
Subject: Re: cfrun and cfservd
Date: Mon, 17 May 2004 09:38:44 +0300
User-agent: KMail/1.6.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

umm

Thanks a million.
But don't you think that it should work without AllowUsers at all !!
The documentation says that the root is allowed by default, and if no users 
are specified at all, it will assume the root by default !!

However, I am happy that it has worked now.
Thanks.

Regards
Mohamed Eldesoky

On Sunday 16 May 2004 6:14 pm, address@hidden wrote:
> Nope - you write "AllowUser" not "AllowUsers"
>
> M
>
> On 16 May, Mohamed Eldesoky wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Look to the very bottom of this email.
> > It has my cfservd.conf pasted, and it has that specific directive.
> >
> > !!
> >
> > On Sunday 16 May 2004 5:10 pm, address@hidden wrote:
> >> Ahh - seems you should add root as a trusted user.
> >>
> >> e.g. in cfservd.conf
> >>
> >>   AllowUsers = ( mark sigmunds root )
> >>
> >> M
> >>
> >> On 16 May, Mohamed Eldesoky wrote:
> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> > Hash: SHA1
> >> >
> >> > I sent it in my last email, here it is again
> >> >
> >> >  and this strange error on the client
> >> >  "Received: [EXEC root ] on socket 5
> >> >  User root is not allowed on this server
> >> >  cfservd: Host authorization/authentication failed or access denied
> >> >
> >> >
> >> > Regards
> >> >
> >> > On Sunday 16 May 2004 4:35 pm, address@hidden wrote:
> >> >> Well that's not a very good security principle. I recommend
> >> >> using -d2 to see the real reason for the denial.
> >> >>
> >> >> M
> >> >>
> >> >> On 16 May, Mohamed Eldesoky wrote:
> >> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> >> > Hash: SHA1
> >> >> >
> >> >> > It gave the same exact result.
> >> >> > Plus, if you think that options is needed even if one client only
> >> >> > talks with one server, then it should be enabled by default (even
> >> >> > forced enabled)
> >> >> >
> >> >> > Regards
> >> >> > Mohamed Eldesoky
> >> >> >
> >> >> > On Sunday 16 May 2004 3:57 pm, address@hidden wrote:
> >> >> >> But the same client might need to open multiple connections...?
> >> >> >>
> >> >> >> On 16 May, Mohamed Eldesoky wrote:
> >> >> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> >> >> > Hash: SHA1
> >> >> >> >
> >> >> >> > I am only testing now with one to  one connections.
> >> >> >> > ie, one server from one client
> >> >> >> >
> >> >> >> > Regards
> >> >> >> >
> >> >> >> > On Sunday 16 May 2004 1:46 pm, address@hidden wrote:
> >> >> >> >> I would try AllowMultipleConnectionsFrom since you will be
> >> >> >> >> connecting with several streams.
> >> >> >> >>
> >> >> >> >> M
> >> >> >> >>
> >> >> >> >> On 16 May, Mohamed Eldesoky wrote:
> >> >> >> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> >> >> >> > Hash: SHA1
> >> >> >> >> >
> >> >> >> >> > Hi all,
> >> >> >> >> >
> >> >> >> >> > I have just got cfengine working with me.
> >> >> >> >> > The only trouble is with cfrun.
> >> >> >> >> >
> >> >> >> >> > keys are exchanged properly (and cfagent works fine), and
> >> >> >> >> > cfservd is running. Only it doesn't allow access.
> >> >> >> >> > It always shows the famous
> >> >> >> >> > "Host authentication failed. Did you forget the domain name
> >> >> >> >> > or IP/DNS address registration (for ipv4 or ipv6)"   to the
> >> >> >> >> > server
> >> >> >> >> >
> >> >> >> >> > and this strange error on the client
> >> >> >> >> > "Received: [EXEC root ] on socket 5
> >> >> >> >> > User root is not allowed on this server
> >> >> >> >> > cfservd: Host authorization/authentication failed or access
> >> >> >> >> > denied Transaction Send[t 114][Packed text]
> >> >> >> >> > Attempting to send 122 bytes
> >> >> >> >> > SendSocketStream, sent 122
> >> >> >> >> > "
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > I will post my conf files for cfservd.conf and cfrun.conf
> >> >> >> >> >
> >> >> >> >> > cfservd.conf:
> >> >> >> >> > ############### On both server and client ################
> >> >> >> >> > control:
> >> >> >> >> >
> >> >> >> >> >         domain = ( domain.com )
> >> >> >> >> >         cfrunCommand = ( "/usr/local/sbin/cfagent" )
> >> >> >> >> >         Access = ( root )
> >> >> >> >> >         AllowConnectionsFrom = ( xxx.xxx.xxx.xxx )  ## An IP
> >> >> >> >> > range TrustKeysFrom = ( xxx.xxx.xxx.xxx )  ## An IP range
> >> >> >> >> > AllowUser = ( root )
> >> >> >> >> >         SkipVerify = ( xxx.xxx.xxx.xxx )  ## this is an IP
> >> >> >> >> > range grant:
> >> >> >> >> >
> >> >> >> >> >         # Grant access to all hosts at example.org.
> >> >> >> >> >         # Files should be world readable
> >> >> >> >> >
> >> >> >> >> >         /var/cfengine/inputs/       *
> >> >> >> >> >         /usr/local/sbin/           *
> >> >> >> >> >         /opt/                      *
> >> >> >> >> >
> >> >> >> >> > cfrun.hosts:
> >> >> >> >> >
> >> >> >> >> > domain=domain.com
> >> >> >> >> > access=root
> >> >> >> >> > xxx.xxx.xxx.xxx root
> >> >> >> >> > -----BEGIN PGP SIGNATURE-----
> >> >> >> >> > Version: GnuPG v1.2.3 (GNU/Linux)
> >> >> >> >> >
> >> >> >> >> > iD8DBQFApzeF2FHsOWMJBKMRAk5lAKCHanYZfjdB30BPoeiigFKpTyJw4QCfU
> >> >> >> >> >kA+ L9+zh4p0v1F61FFChxuELfc=
> >> >> >> >> > =j/2z
> >> >> >> >> > -----END PGP SIGNATURE-----
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > _______________________________________________
> >> >> >> >> > Help-cfengine mailing list
> >> >> >> >> > address@hidden
> >> >> >> >> > http://mail.gnu.org/mailman/listinfo/help-cfengine
> >> >> >> >>
> >> >> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >> >> >>~~~ ~~~ ~ Work: +47 22453272            Email: 
> >> >> >> >> address@hidden Fax : +47 22453205            WWW  : 
> >> >> >> >> http://www.iu.hio.no/~mark
> >> >> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >> >> >>~~~ ~~~ ~
> >> >> >> >
> >> >> >> > -----BEGIN PGP SIGNATURE-----
> >> >> >> > Version: GnuPG v1.2.3 (GNU/Linux)
> >> >> >> >
> >> >> >> > iD8DBQFAp0qN2FHsOWMJBKMRAiZvAKDxfBYcDY4qqH5WEYAHsfmQnmnO+QCfWoCf
> >> >> >> > spP7Geyd8P8rYEaJb6q3n94=
> >> >> >> > =dFG3
> >> >> >> > -----END PGP SIGNATURE-----
> >> >> >> >
> >> >> >> >
> >> >> >> > _______________________________________________
> >> >> >> > Help-cfengine mailing list
> >> >> >> > address@hidden
> >> >> >> > http://mail.gnu.org/mailman/listinfo/help-cfengine
> >> >> >>
> >> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >> >>~~~ ~ Work: +47 22453272            Email:  address@hidden
> >> >> >> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> >> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >> >>~~~ ~
> >> >> >
> >> >> > -----BEGIN PGP SIGNATURE-----
> >> >> > Version: GnuPG v1.2.3 (GNU/Linux)
> >> >> >
> >> >> > iD8DBQFAp2Xb2FHsOWMJBKMRAiqUAJ4n32OdD9Gu6wVsmuQmqJTZufB31gCcDATu
> >> >> > grWddsNy6QwC27C8QbpfkCA=
> >> >> > =jomp
> >> >> > -----END PGP SIGNATURE-----
> >> >>
> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >>~ Work: +47 22453272            Email:  address@hidden Fax :
> >> >> +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >>~
> >> >
> >> > -----BEGIN PGP SIGNATURE-----
> >> > Version: GnuPG v1.2.3 (GNU/Linux)
> >> >
> >> > iD8DBQFAp3Dw2FHsOWMJBKMRAqmIAJ9WnnsNC7JzXjXuIx8VH97VyA74NQCePPtL
> >> > o9J4OE9J09fHxY3Iq9hZMRE=
> >> > =DgDS
> >> > -----END PGP SIGNATURE-----
> >>
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> Work: +47 22453272            Email:  address@hidden
> >> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.3 (GNU/Linux)
> >
> > iD8DBQFAp3gg2FHsOWMJBKMRAshnAJ9+VpTkDyqyaQFpXri5XGUBQSy3BgCgql9a
> > 4Q0BzknBjAKgEu4oUCeR9Ww=
> > =vPmL
> > -----END PGP SIGNATURE-----
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Work: +47 22453272            Email:  address@hidden
> Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAqF322FHsOWMJBKMRAgsPAJ0TRvFY5m+bsE+1UBIxUUdTXWQ94wCfQHEi
PtltDgmBqWhYtbshEnGFtKU=
=URCH
-----END PGP SIGNATURE-----




reply via email to

[Prev in Thread] Current Thread [Next in Thread]