[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: without trustkey=yes cfengine 2.1.8 fails to run
From: |
Mark . Burgess |
Subject: |
Re: without trustkey=yes cfengine 2.1.8 fails to run |
Date: |
Sun, 8 Aug 2004 23:16:49 +0200 (MEST) |
I did not have to upgrade anything on upgrading. I suspect the problem
is something else. One possibility is that the programs are compiled
with incompatible vesions of openssl, but that is just a wild guess
M
On 6 Aug, Uwe Zeisberger wrote:
> Hello Thomas,
>
> thanks for your help, but:
>
> Thomas Glanzmann wrote:
>> > cfengine:: Not authorized to trust the server=a...de's public key
>> > (trustkey=false)
>> > cfengine:: Authentication dialogue with a...de failed
>> > cfengine:: Not authorized to trust the server=a....de's public key
>> > (trustkey=false)
>> > cfengine:: Authentication dialogue with a...de failed
>>
>> In my opinion you have two solutions to your problem.
>>
>> (generic part) Upgrade cfengine to 2.1.8 on all Solaris hosts
> I already updated all hosts to 2.1.8, generated new keys with the new
> version everywhere.
>
>> (solution 1) Delete the /var/cfengine/ppkeys/root-* files and set
>> trustkeys to yes.
> already done, too. On the client, the file for the server still don't
> exist after running cfengine with trustkey=true.
>
>> (solution 2) Copy over a key generated from a cfengine-2.1.8 version to
>> /var/cfengine/ppkeys/root-whatever
>
> When I copy localhost.pub from the server (andromeda) to ppkeys/root-<ip>.pub
> on a client, I get on the client (running cfagent -q -v -d 1)
>
> cfengine:: Strong authentication of
> server=andromeda.informatik.uni-freiburg.de connection
> confirmed Receive counter challenge from server
> RecvSocketStream(8)
> (Concatenated 8 from stream)
> Transaction Receive [t 256][]
> RecvSocketStream(256)
> (Concatenated 256 from stream)
> Replying to counter challenge with md5
> Transaction Send[t 16][Packed text]
> Attempting to send 24 bytes
> SendSocketStream, sent 24
> Collecting public key from server!
> RecvSocketStream(8)
>
> and on the server (cfservd -F -v -d 1)
>
> A public key was already known from
> auriga.informatik.uni-freiburg.de/::ffff:132.230.151.12 - no
> trust required Adding IP ::ffff:132.230.151.12 to SkipVerify - no need
> to check this if we have a
> key The public key identity was confirmed as address@hidden
> Transaction Send[t 16][Packed text]
> Attempting to send 24 bytes
> SendSocketStream, sent 24
> Transaction Send[t 16][Packed text]
> Attempting to send 24 bytes
> SendSocketStream, sent 24
> Transaction Send[t 256][Packed text]
> Attempting to send 264 bytes
> SendSocketStream, sent 264
> RecvSocketStream(8)
> (Concatenated 8 from stream)
> Transaction Receive [t 16][]
> RecvSocketStream(16)
> (Concatenated 16 from stream)
> cfservd: Strong authentication of client
> auriga.informatik.uni-freiburg.de/::ffff:132.230.151.12
> achieved RecvSocketStream(8)
>
> and then nothing new happens.
>
> Regards,
> Uwe
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: address@hidden
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~