Well,
Once a connection is established, your master server only knows
client's IP. To establish a relation between an IP and a hostname, the
reverse and then direct DNS query is used, so that an IP must resolve
to a hostname which must resolve back to an IP. Otherwise a hostname
is untrusted. This is how it works in general with most Internet
services. Dunno if it is the same with Cfengine, but I believe it
should be.
2010/6/14 Nicolas Charles <nicolas.char...@normation.com>:
> Nope, but why isn't host2ip used automatically ?
>
> On 14/06/2010 17:20, Seva Gluschenko wrote:
>>
>> Nicolas,
>>
>> just a quick thought: does the reverse DNS contain the record for
>> 192.168.100.12?
>>
>> 2010/6/14 Nicolas Charles<nicolas.char...@normation.com>:
>>
>>>
>>> Hello everyone,
>>>
>>> I'm wondering what is the proper way (== the most commonly used) to
>>> identify the machines that are allowed to connect to a policy server.
>>>
>>> If I use the DNS name of the machines, they can't connect :
>>> in the cf-served.cf
>>> allowconnects => {
>>> @(def.acl) , "debian-5-32.labo.normation.com"
>>> };
>>>
>>> #ping debian-5-32.labo.normation.com
>>> 64 bytes from 192.168.100.12: icmp_seq=1 ttl=64 time=0.252 ms
>>>
>>> Result :
>>> "Not allowing connection from non-authorized IP ::ffff:192.168.100.12"
>>>
>>>
>>> I could use the ip of the machine, but it's prone to change. host2ip is
>>> the right solution (or so it seems), but then I'm wondering why it's not
>>> used by default when we use the domain name of a machine ?
>>>
>>> Regards
>>>
>>> --
>>> Nicolas CHARLES
>>> Normation SAS - http://www.normation.com
>>> 44 rue Cauchy – 94110 ARCUEIL
>>> +33 (0)1 83 62 26 96 - +33 (0)6 14 63 25 18
>>>
>>> _______________________________________________
>>> Help-cfengine mailing list
>>> Help-cfengine@cfengine.org
>>> https://cfengine.org/mailman/listinfo/help-cfengine
>>>
>>>
>>
>>
>>
>
>
> --
> Nicolas CHARLES
> Normation SAS - http://www.normation.com
> 44 rue Cauchy – 94110 ARCUEIL
> +33 (0)1 83 62 26 96 - +33 (0)6 14 63 25 18
>
>
--
SY, Seva Gluschenko.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
