Re: Turn Off Use of Keys and Encryption

[Brendan Strejcek]

Pletan, Ray wrote:

> We are implementing cfengine for post server build configuration. I
> would like to turn OFF the use of keys and encryption to do this.

Why would you want to do that? Are you trying to avoid the key
distribution problem? If so, and you don't care about authenticating
your clients, you can use a combination of the TrustKey, TrustKeysFrom,
and DynamicAddresses control variables to almost get around having to
use keys.

http://www.cfengine.org/docs/cfengine-Reference.html#TrustKeysFrom

http://www.cfengine.org/docs/cfengine-Reference.html#DynamicAddresses

As far as I know, there is no way to disable the need for client keys.
Even if you run cfagent unpriviliged and with no network copies, it
will still complain and exit if you do not first generate keys with
cfkey. I would recommend just building that step into your bootstrap
procedure and using whatever level of key trust is appropriate to your
environment.

Best,
Brendan

--
Senior System Administrator
The University of Chicago
Department of Computer Science

http://www.cs.uchicago.edu/people/brendan
http://praksys.blogspot.com/