For what it's worth, this is also a relatively common problem for me as
well, although for some reason this has faded significantly in the past
few weeks. I just had it happen this morning though, randomly, on a
couple of systems.
It also only appears to happen during copy, at random, and usually does
not happen twice in a row.
Brian
However. The challenge response problems your talking about we solve
the
following way:
rm /var/cfengine/ppkeys/root-* on the servers. They will copied on
the
first request back when trustkey is yes. Also we have limited the
access
to the cfengine ports only from the local machines via a firewall.
You have of course also delete the keys on the client side for some
rare
cases. (In case the server key has changed) or you had one of that
buggy
cfengine versions running (see archives for details).
It's not a trust or re-key issue. The message:
cfengine:--------: Challenge response from server
cfengine/10.xxx.xxx.xx
was incorrect!
cfengine:--------: Authentication dialogue with cfengine failed
1. appears somewhat at random... but frequently ~2-3 times a day for a
given host.
2. obviously only appears during a copy operation
3. likely will not appear in the next run (about an hour later)
to mark,
Does it make sense that I'd get the message above if the server
couldn't
fork a new child? I could just dig through the code, but thought I'd
try
to be lazy first.
thanks
wheeler
_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://lists.gnu.org/mailman/listinfo/help-cfengine
_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://lists.gnu.org/mailman/listinfo/help-cfengine