forwarded 312647 [email protected]
thanks

Hi,

here is another bug report from one of our Debian users.


- Werner

----- Forwarded message from Sven Marnach <[EMAIL PROTECTED]> -----

Date: Thu, 09 Jun 2005 13:26:26 +0200
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
From: Sven Marnach <[EMAIL PROTECTED]>
Subject: Bug#312647: cfengine2: Host authentication fails after update
    from 2.1.13
Reply-To: Sven Marnach <[EMAIL PROTECTED]>, [EMAIL PROTECTED]

Package: cfengine2
Version: 2.1.14-1
Severity: important

After upgrading all the machines in a small cluster to version 2.1.14-1, the
nodes could still successfully authenticate themselves to the master.

The nodes do a complete reinstall from a local mirror each time they boot.
They fetch their cfengine key pairs via tftp and try to run cfagent to fetch
some basic configuration.  This step failed after upgrading cfengine to
2.1.14-1, so the nodes couldn't reboot anymore.

cfservd prints the following message to the syslog:

Jun  3 01:49:53 master1 cfservd[3787]: Accepting connection from ::ffff:192.168.2.107
Jun  3 01:49:53 master1 cfservd[3787]:  Private decrypt failed = padding check failed
Jun  3 01:49:53 master1 cfservd[3787]: Host authorization/authentication failed or access denied
Jun  3 01:49:53 master1 cfservd[3787]: From (host=node07.cluster,user=root,ip=::ffff:192.168.2.107)
Jun  3 01:49:57 node07 clinitrd: panic: Could not execute 'inroot cfagent -v --no-lock -D install'.

(the last line shows the cfagent command line)

I know there was a change in the encryption protocol that prevents new
clients from talking to old servers, but I upgraded all machines.

I also tried to regenerate all the keys, but that didn't work either.  After
reverting to 2.1.13 everything worked fine.

I'm lacking the time to track down this bug properly and hope this report
may help anyway.

Greetings,
Sven

-- System Information:
[stripped -- this computer doesn't even have cfengine installed...]



----- End forwarded message -----


_______________________________________________
Bug-cfengine mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-cfengine
