Re: $(domain) without DNS ?!

Mon, 07 Mar 2005 06:17:04 -0800 

On Fri, 4 Feb 2005 14:16:37 +0900, Yves wrote:
> How to handle $(domain) variable in a clean, secure manner without
> DNS  ?
>
>
> If $(domain) is not defined, copy action (remote) fails because of
> authentication mechanism .
> So, we use the following workaround in cfservd.conf on
> $(policyhost):
>
>
> SkipVerify = ( 10. )
> domain      = ( dummy )
> grant:
> /cfdepot/  *.dummy
>
>
> # /var/cfengine/bin/cfservd -F -v
>
>
> Listening for connections ...
> cfservd: Allowing 10.10.10.102 to connect without (re)checking ID
> Non-verified Host ID is ws01.dummy (Using skipverify)
> Non-verified User ID seems to be root (Using skipverify)
> cfservd: Unable to lookup hostname (ws01.dummy) or cfengine service: Hostname 
> and service name not provided or found
> Updating last-seen time for ws01.dummy Loaded 
> /var/cfengine/ppkeys/root-10.10.10.102.pub
> A public key was already known from ws01.dummy/10.10.10.102 - no trust 
> required
> Adding IP 10.10.10.102 to SkipVerify - no need to check this if we have a key
> The public key identity was confirmed as [EMAIL PROTECTED]
> cfservd: Strong authentication of client ws01.dummy/10.10.10.102 achieved
>
> env:
> - v2.1.10
> - using NIS
> - installed on aix 4.3.3;5.1
>
>
> Is there a way to handle it in a clean and secure manner?
>
> Thanks,
> Yves
>
> [EMAIL PROTECTED] am 04.02.2005 11:28:56 Uhr
>_______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://lists.gnu.org/mailman/listinfo/help-cfengine

I have another question.
Is there a possibilty to prevent the message:

"Unable to lookup hostname (ws01.dummy) or cfengine service: Hostname and 
service name not provided or found"

When I use SkipVerify for the host or ip-range, I don't need this warning.

env:
        cfengine v.2.1.10
        700 clients (at least 700x24=16800 entries in SYSLOG)

Thanks and regards,
Yves

 [EMAIL PROTECTED] am 07.03.2005 10:51:39Uhr




_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://lists.gnu.org/mailman/listinfo/help-cfengine

Reply via email to