[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Host authentication fails after update from 2.1.13

From: Morten Werner Olsen
Subject: Host authentication fails after update from 2.1.13
Date: Mon, 13 Jun 2005 21:50:03 +0200
User-agent: Mutt/1.5.9i

forwarded 312647 address@hidden


here is another bug report from one of our Debian users.

- Werner

----- Forwarded message from Sven Marnach <address@hidden> -----

Date: Thu, 09 Jun 2005 13:26:26 +0200
To: Debian Bug Tracking System <address@hidden>
From: Sven Marnach <address@hidden>
Subject: Bug#312647: cfengine2: Host authentication fails after update
    from 2.1.13
Reply-To: Sven Marnach <address@hidden>, address@hidden

Package: cfengine2
Version: 2.1.14-1
Severity: important

After upgrading all the machines in a small cluster to version 2.1.14-1, the
nodes could still successfully authenticate themselves to the master.

The nodes do a complete reinstall from a local mirror each time they boot.
They fetch their cfengine key pairs via tftp and try to run cfagent to fetch
some basic configuration.  This step failed after upgrading cfengine to
2.1.14-1, so the nodes couldn't reboot anymore.

cfservd prints the following message to the syslog:

Jun  3 01:49:53 master1 cfservd[3787]: Accepting connection from 
Jun  3 01:49:53 master1 cfservd[3787]:  Private decrypt failed = padding check 
Jun  3 01:49:53 master1 cfservd[3787]: Host authorization/authentication failed 
or access denied 
Jun  3 01:49:53 master1 cfservd[3787]: From 
Jun  3 01:49:57 node07 clinitrd: panic: Could not execute 'inroot cfagent -v 
--no-lock -D install'. 

(the last line shows the cfagent command line)

I know there was a change in the encrytion protocol that prevents new
clients from talking to old servers, but I upgraded all machines.

I also tried to regenerate all the keys, but that didn't work either.  After
reverting to 2.1.13 everything worked fine.

I'm lacking the time to track down this bug properly and hope this report
may help anyway.


-- System Information:
[stripped -- this computer doesn't even have cfengine installed...]

----- End forwarded message -----

reply via email to

[Prev in Thread] Current Thread [Next in Thread]