bug-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Misleading error message, host authentication problem instead o f "f

From: Mark . Burgess
Subject: Re: Misleading error message, host authentication problem instead o f "file not found".
Date: Tue, 8 Jan 2002 19:35:26 +0100 (MET) 
On  8 Jan, Hugo Gayosso wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> cfservd was reporting (/var/log/messages) something like:
> 
> Jan  8 11:13:46 myhost myhost.mydomain.com[1776]: Host authentication failed 
> or access denied (keys in correct dir?) 
> Jan  8 11:13:46 myhost myhost.mydomain.com[1776]: Host authentication failed 
> or access denied (keys in correct dir?) 
> 
> 
> I verified that the hostname was properly resolved and that there were
> no "secure" copy performed, and that there were no "keys" file
> anywhere, and seeing that this was reported when cfagent was run in
> one specific server, I decided to run cfservd with the "--debug"
> option and found:
> 
> 
> Received: [SYNCH 1010514495 STAT /var/masterconf/http/httpd.conf.ProblemHost] 
> on socket 5
> AccessControl(/var/masterconf/http/httpd.conf.ProblemHost)
> Couldn't resolve filename /var/masterconf/http/httpd.conf.ProblemHost from 
> host ProblemHost.mydomain.com
> myhost.mydomain.com: Host authentication failed or access denied (keys in 
> correct dir?)
> SendTransaction(BAD: Host authentica...,len=64)
> Transaction Send[t 64][BAD: Host authentica...]
> SendSocketStream(72)
> SendSocketStream, tosend 72
> SendSocketStream, sent 72
> myhost.mydomain.com: Host authentication failed or access denied (keys in 
> correct dir?)
> RecvSocketStream(8)
>     (Concatenated 8 from stream)
> Transaction Receive [t 53][]
> RecvSocketStream(53)
>     (Concatenated 53 from stream)
> 
> 
> The file doesn't exist (that is fine), the error message is
> misleading.
> 
> 
> Greetings,
> - -- 
> Hugo Gayosso
> Support the Free Software Movement!
> GNU Project <http://www.gnu.org>
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE8Oq0kx2JZtTN6co8RAkzoAJwITtauOshMU/gl/QrsnGjSviKWGACdHaS6
> 4H1Kpu4MbmPVv0+NRCULoKM=
> =ZMia
> -----END PGP SIGNATURE-----


THe message is deliberately misleading on the client, to avoid giving
information to potential attackers. The true problem can be found
by examining the behaviour of the server.

M

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  address@hidden
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
reply via email to
[Prev in Thread] Current Thread [Next in Thread]