Re: some sort of host authentication problem.

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: some sort of host authentication problem.

From:	mark
Subject:	Re: some sort of host authentication problem.
Date:	Sun, 13 Apr 2003 07:39:54 +0200 (MEST)

You can yse SkipVerify to avoid reverse lookup.

M


On 12 Apr, Kurt Lieber wrote:
> I am unable to successfuly copy files from my master host to a slave
> server.  After a fair amount of troubleshooting, I tracked it down to this
> line:
> 
>         # master cfengine config files are stored here
>               /var/cfengine/masterfiles/inputs/       *.domain.com
> 
> If I change it to:
> 
>         # master cfengine config files are stored here
>               /var/cfengine/masterfiles/inputs/       *
>               
> Then it works fine which tells me that it's probably a problem with the
> reverse lookup.  Here is the relevant section of my cfservd.conf file:
> 
> control:
> 
>     domain = ( domain.com )
>     AllowUsers = ( root )
>     AllowConnectionsFrom = ( 192.168.1 )
>     TrustKeysFrom   = ( 192.168.1.0/24 )
>     SkipVerify = ( 192.168.1 )
> 
> 
> And the relevant section from cfservd -d2:
> 
> AccessControl(/var/cfengine/masterfiles/inputs)
> AccessControl(/var/cfengine/masterfiles/inputs,192.168.1.144) encrypt 
> request=1
> Found a match for in access list 
> (/var/cfengine/masterfiles/inputs,/var/cfengine/masterfiles/inputs)
> FuzzyItemIn(192.168.1.144)
> IsWildItem(192.168.1.144,*.domain.com)
> IsWildItem(192.168.1.144,*.domain.com)
> FuzzyItemIn(192.168.1.144)
> cfservd: Host 192.168.1.144 denied access to /var/cfengine/masterfiles/inputs
> 
> 
> Now, reverse lookups don't work on my network -- so 192.168.1.144 is never
> going to correctly resolve to host.domain.com.  Is there any other way to
> tell cfservd that 192.168.1.144 really is host.domain.com?  Or am I stuck
> using "*" for all my file controls in cfservd.conf?
> 
> Thanks.
> 
> --kurt
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Prev in Thread]

Current Thread

[Next in Thread]

some sort of host authentication problem., Kurt Lieber, 2003/04/12
- Re: some sort of host authentication problem., mark <=
  - Re: some sort of host authentication problem., Kurt Lieber, 2003/04/13

Prev by Date: Re: question about architecting a cfengine implementation
Next by Date: Re: some sort of host authentication problem.
Previous by thread: some sort of host authentication problem.
Next by thread: Re: some sort of host authentication problem.
Index(es):
- Date
- Thread