Re: without trustkey=yes cfengine 2.1.8 fails to run

[Thomas Glanzmann]

Hello Uwe,

* Uwe Zeisberger <address@hidden> [040805 22:59]:
> with the hint of Thomas Glanzmann from Wed, 4 Aug 2004 14:07:34 +0200 I
> now get cfengine 2.1.8 to run. Additionally to delete all root-* keys I
> inserted trustkey=true to the first copy item in update.conf. I wish to
> remove this entry again, because of the mails I get ("Trusting server
> identity and willing to accept key from ...") and because of security.
> But when I do so, cfengine fails to run with the error:

I just described the symptoms and way to circumvent it. The real problem
was much earlier on the list, but someone had to intereprete it. :-)

> cfengine:: Not authorized to trust the server=a...de's public key 
> (trustkey=false)
> cfengine:: Authentication dialogue with a...de failed
> cfengine:: Not authorized to trust the server=a....de's public key 
> (trustkey=false)
> cfengine:: Authentication dialogue with a...de failed

In my opinion you have two solutions to your problem.

(generic part) Upgrade cfengine to 2.1.8 on all Solaris hosts (btw. I
just shipped blastwave packages for cfengine 2.1.8 via
http://www.blastwave.org/)

(solution 1) Delete the /var/cfengine/ppkeys/root-* files and set
trustkeys to yes.

(solution 2) Copy over a key generated from a cfengine-2.1.8 version to
/var/cfengine/ppkeys/root-whatever

        Thomas