Re: without trustkey=yes cfengine 2.1.8 fails to run

bug-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: without trustkey=yes cfengine 2.1.8 fails to run

From:	Uwe Zeisberger
Subject:	Re: without trustkey=yes cfengine 2.1.8 fails to run
Date:	Fri, 6 Aug 2004 14:16:06 +0200
User-agent:	Mutt/1.5.6+20040523i

Hello Thomas,

thanks for your help, but:

Thomas Glanzmann wrote:
> > cfengine:: Not authorized to trust the server=a...de's public key 
> > (trustkey=false)
> > cfengine:: Authentication dialogue with a...de failed
> > cfengine:: Not authorized to trust the server=a....de's public key 
> > (trustkey=false)
> > cfengine:: Authentication dialogue with a...de failed
> 
> In my opinion you have two solutions to your problem.
> 
> (generic part) Upgrade cfengine to 2.1.8 on all Solaris hosts
I already updated all hosts to 2.1.8, generated new keys with the new
version everywhere.

> (solution 1) Delete the /var/cfengine/ppkeys/root-* files and set
> trustkeys to yes.
already done, too. On the client, the file for the server still don't
exist after running cfengine with trustkey=true.
 
> (solution 2) Copy over a key generated from a cfengine-2.1.8 version to
> /var/cfengine/ppkeys/root-whatever

When I copy localhost.pub from the server (andromeda) to ppkeys/root-<ip>.pub
on a client, I get on the client (running cfagent -q -v -d 1)

        cfengine:: Strong authentication of 
server=andromeda.informatik.uni-freiburg.de connection confirmed
        Receive counter challenge from server
        RecvSocketStream(8)
            (Concatenated 8 from stream)
        Transaction Receive [t 256][]
        RecvSocketStream(256)
            (Concatenated 256 from stream)
        Replying to counter challenge with md5
        Transaction Send[t 16][Packed text]
        Attempting to send 24 bytes
        SendSocketStream, sent 24
        Collecting public key from server!
        RecvSocketStream(8)

and on the server (cfservd -F -v -d 1)

        A public key was already known from 
auriga.informatik.uni-freiburg.de/::ffff:132.230.151.12 - no trust required
        Adding IP ::ffff:132.230.151.12 to SkipVerify - no need to check this 
if we have a key
        The public key identity was confirmed as address@hidden
        Transaction Send[t 16][Packed text]
        Attempting to send 24 bytes
        SendSocketStream, sent 24
        Transaction Send[t 16][Packed text]
        Attempting to send 24 bytes
        SendSocketStream, sent 24
        Transaction Send[t 256][Packed text]
        Attempting to send 264 bytes
        SendSocketStream, sent 264
        RecvSocketStream(8)
            (Concatenated 8 from stream)
        Transaction Receive [t 16][]
        RecvSocketStream(16)
            (Concatenated 16 from stream)
        cfservd: Strong authentication of client 
auriga.informatik.uni-freiburg.de/::ffff:132.230.151.12 achieved
        RecvSocketStream(8)

and then nothing new happens.

Regards,
Uwe

-- 
Uwe Zeisberger

fib where fib = 0 : 1 : zipWith (+) fib (tail fib)

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

without trustkey=yes cfengine 2.1.8 fails to run, Uwe Zeisberger, 2004/08/05
- Re: without trustkey=yes cfengine 2.1.8 fails to run, Thomas Glanzmann, 2004/08/06
  - Re: without trustkey=yes cfengine 2.1.8 fails to run, Uwe Zeisberger <=
    - Re: without trustkey=yes cfengine 2.1.8 fails to run, Mark . Burgess, 2004/08/08

Prev by Date: Re: cfengine fails to send email
Next by Date: Re: cfengine fails to send email
Previous by thread: Re: without trustkey=yes cfengine 2.1.8 fails to run
Next by thread: Re: without trustkey=yes cfengine 2.1.8 fails to run
Index(es):
- Date
- Thread