[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: $(domain) without DNS ?!
From: |
Yves |
Subject: |
Re: $(domain) without DNS ?! |
Date: |
Mon, 7 Mar 2005 23:11:56 +0900 |
On Fri, 4 Feb 2005 14:16:37 +0900, Yves wrote:
> How to handle $(domain) variable in a clean, secure manner without
> DNS ?
>
>
> If $(domain) is not defined, copy action (remote) fails because of
> authentication mechanism .
> So, we use the following workaround in cfservd.conf on
> $(policyhost):
>
>
> SkipVerify = ( 10. )
> domain = ( dummy )
> grant:
> /cfdepot/ *.dummy
>
>
> # /var/cfengine/bin/cfservd -F -v
>
>
> Listening for connections ...
> cfservd: Allowing 10.10.10.102 to connect without (re)checking ID
> Non-verified Host ID is ws01.dummy (Using skipverify)
> Non-verified User ID seems to be root (Using skipverify)
> cfservd: Unable to lookup hostname (ws01.dummy) or cfengine service: Hostname
> and service name not provided or found
> Updating last-seen time for ws01.dummy Loaded
> /var/cfengine/ppkeys/root-10.10.10.102.pub
> A public key was already known from ws01.dummy/10.10.10.102 - no trust
> required
> Adding IP 10.10.10.102 to SkipVerify - no need to check this if we have a key
> The public key identity was confirmed as root@ws01.dummy
> cfservd: Strong authentication of client ws01.dummy/10.10.10.102 achieved
>
> env:
> - v2.1.10
> - using NIS
> - installed on aix 4.3.3;5.1
>
>
> Is there a way to handle it in a clean and secure manner?
>
> Thanks,
> Yves
>
> Y99@gmx.de am 04.02.2005 11:28:56 Uhr
>_______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://lists.gnu.org/mailman/listinfo/help-cfengine
I have another question.
Is there a possibilty to prevent the message:
"Unable to lookup hostname (ws01.dummy) or cfengine service: Hostname and
service name not provided or found"
When I use SkipVerify for the host or ip-range, I don't need this warning.
env:
cfengine v.2.1.10
700 clients (at least 700x24=16800 entries in SYSLOG)
Thanks and regards,
Yves
Y99@gmx.de am 07.03.2005 10:51:39Uhr
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: $(domain) without DNS ?!,
Yves <=