[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfservd 2.0.2, IP ranges and TrustKeysFrom

From: Mark . Burgess
Subject: Re: cfservd 2.0.2, IP ranges and TrustKeysFrom
Date: Wed, 12 Jun 2002 13:36:50 +0200 (MET DST)

Should work. Try running cfservd -d2 and looking at the debugging
output to see why it's not working.


On 12 Jun, Juha Ylitalo wrote:
> cfservd: cfengine 2.0.2 on FreeBSD 4.5-RELEASE-p5
> cfanget: cfengine 2.0.2 on Solaris 8
> Summary:
> I haven't yet looked into code, but on quick experimentation it looks as
> TrustKeysFrom in cfservd.conf doesn't support IPranges.
> Description:
> I have following two lines in my cfservd.conf in cfservd host:
>   TrustKeysFrom = ( )
>   DynamicAddresses = (
> )
> Whenever my JumpStarted Solaris box at tried to contact
> cfservd, authentication failed. This problem disappeared as soon as I
> split TrustKeysFrom so that and were listed as
> separate IPs in list.
> In case someone wonders why Solaris box is in DynamicAddresses, the
> explanation is simply that those boxes are used for testing certain
> applications and  as such boxes are reinstalled on regular basis. With
> DynamicAddresses and TrustKeysFrom combination, we can avoid the step,
> where we would have to go and delete old public key from cfservd host.
> Other option would have been to distribute keys during JumpStart, but
> that wouldn't be anymore secure than this solution.
> P.S. Yes, I know, my IPs are scattered in pretty awkward way, but I am
> trusting that time will take care of it as all new machines get IPs from
> separate IP range.

Work: +47 22453272            Email:  address@hidden
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark

reply via email to

[Prev in Thread] Current Thread [Next in Thread]