I also make it a habit to restart 'cfservd'
jsut to be sure althought cfservd is supposed to detect cfservd.conf updates
and re-read the config file.
Now, I personally use a bootstrap CF
file and also define a 'TrustKeysFrom' entry - so I imagine that you'd
put the following line in 'update.conf':
TrustKeysFrom = ( 10.0.7.165 ) # Clients
should only trust the CFserver
Bill Gunter <address@hidden> Sent by: address@hidden
09/19/2005 02:42 PM
Re: problems with trust
Sorry to re-post, but I'm afraid this has gotten lost
in the din. I
really need to get this resolved, so any help would be greatly
On Mon, 2005-09-12 at 12:51 -0500, Bill Gunter wrote:
> The clients and server are on the same network, 22.214.171.124/24. Here's
> the TrustKeys. The stuff on the 126.96.36.199/24 net works fine.
> TrustKeysFrom = (
> On Mon, 2005-09-12 at 01:29 -0500, Tim Nelson wrote:
> > On Fri, 9 Sep 2005, Bill Gunter wrote:
> > > I'm having trouble using trust to exchange keys. I got it
> > for
> > > one server, but it's not working for another. I get this
> > the
> > > client while running 'cfagent -v'
> > >
> > > "cfengine:viper: BAD: key could not be accepted on
> > >
> > > And similarly on the server from cfservd
> > >
> > > "No previous key found, and unable to accept this one
> > >
> > > I'm getting this when cfagent is parsing the update.conf
> > cfservd
> > > contains the correct TrustKeysFrom entries and update.conf
> > Are the server and client on different
sides of a NAT?
> > What's your TrustKeysFrom line?
> > :)
> > --
> > Kind Regards,
> > Tim Nelson
> > Server Administrator
> > P: 03 9934 0888
> > F: 03 9934 0899
> > E: address@hidden
> > W: www.webalive.biz
> > WebAlive Technologies
> > Level 1, Innovation Building
> > Digital Harbour
> > 1010 La Trobe Street
> > Docklands Melbourne VIC 3008
> > This email (including all attachments) is intended solely for
> > named addressee. It is confidential and may contain legally privileged
> > information. If
> > you receive it in error, please let us know by reply email, delete
> > from your system and destroy any copies. This email is also subject
> > copyright. No
> > part of it should be reproduced, adapted or transmitted without
> > written consent of the copyright owner.
> > Emails may be interfered with, may contain computer viruses or
> > defects and may not be successfully replicated on other systems.
> > give no
> > warranties in relation to these matters. If you have any doubts
> > the authenticity of an email purportedly sent by us, please contact
> > immediately.
> Help-cfengine mailing list
Help-cfengine mailing list