[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Turn Off Use of Keys and Encryption
From: |
Brendan Strejcek |
Subject: |
Re: Turn Off Use of Keys and Encryption |
Date: |
Wed, 4 Jan 2006 13:11:52 -0600 |
User-agent: |
Mutt/1.5.6+20040818i |
Pletan, Ray wrote:
> We are implementing cfengine for post server build configuration. I
> would like to turn OFF the use of keys and encryption to do this.
Why would you want to do that? Are you trying to avoid the key
distribution problem? If so, and you don't care about authenticating
your clients, you can use a combination of the TrustKey, TrustKeysFrom,
and DynamicAddresses control variables to almost get around having to
use keys.
http://www.cfengine.org/docs/cfengine-Reference.html#TrustKeysFrom
http://www.cfengine.org/docs/cfengine-Reference.html#DynamicAddresses
As far as I know, there is no way to disable the need for client keys.
Even if you run cfagent unpriviliged and with no network copies, it
will still complain and exit if you do not first generate keys with
cfkey. I would recommend just building that step into your bootstrap
procedure and using whatever level of key trust is appropriate to your
environment.
Best,
Brendan
--
Senior System Administrator
The University of Chicago
Department of Computer Science
http://www.cs.uchicago.edu/people/brendan
http://praksys.blogspot.com/