On Fri, 4 Feb 2005 14:16:37 +0900, Yves wrote:
> How to handle $(domain) variable in a clean, secure manner without
> DNS ?
>
>
> If $(domain) is not defined, copy action (remote) fails because of
> authentication mechanism .
> So, we use the following workaround in cfservd.conf on
> $(policyhost):
>
>
> SkipVerify = ( 10. )
> domain = ( dummy )
> grant:
> /cfdepot/ *.dummy
>
>
> # /var/cfengine/bin/cfservd -F -v
>
>
> Listening for connections ...
> cfservd: Allowing 10.10.10.102 to connect without (re)checking ID
> Non-verified Host ID is ws01.dummy (Using skipverify)
> Non-verified User ID seems to be root (Using skipverify)
> cfservd: Unable to lookup hostname (ws01.dummy) or cfengine service: Hostname
> and service name not provided or found
> Updating last-seen time for ws01.dummy Loaded
> /var/cfengine/ppkeys/root-10.10.10.102.pub
> A public key was already known from ws01.dummy/10.10.10.102 - no trust
> required
> Adding IP 10.10.10.102 to SkipVerify - no need to check this if we have a key
> The public key identity was confirmed as [EMAIL PROTECTED]
> cfservd: Strong authentication of client ws01.dummy/10.10.10.102 achieved
>
> env:
> - v2.1.10
> - using NIS
> - installed on aix 4.3.3;5.1
>
>
> Is there a way to handle it in a clean and secure manner?
>
> Thanks,
> Yves
>
> [EMAIL PROTECTED] am 04.02.2005 11:28:56 Uhr
>_______________________________________________
> Help-cfengine mailing list
> [email protected]
> http://lists.gnu.org/mailman/listinfo/help-cfengine
I have another question.
Is there a possibilty to prevent the message:
"Unable to lookup hostname (ws01.dummy) or cfengine service: Hostname and
service name not provided or found"
When I use SkipVerify for the host or ip-range, I don't need this warning.
env:
cfengine v.2.1.10
700 clients (at least 700x24=16800 entries in SYSLOG)
Thanks and regards,
Yves
[EMAIL PROTECTED] am 07.03.2005 10:51:39Uhr
_______________________________________________
Help-cfengine mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-cfengine
