bug-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: without trustkey=yes cfengine 2.1.8 fails to run

From: Mark . Burgess
Subject: Re: without trustkey=yes cfengine 2.1.8 fails to run
Date: Sun, 8 Aug 2004 23:16:49 +0200 (MEST) 
I did not have to upgrade anything on upgrading. I suspect the problem
is something else. One possibility is that the programs are compiled
with incompatible vesions of openssl, but that is just a wild guess

M

On  6 Aug, Uwe Zeisberger wrote:
> Hello Thomas,
> 
> thanks for your help, but:
> 
> Thomas Glanzmann wrote:
>> > cfengine:: Not authorized to trust the server=a...de's public key 
>> > (trustkey=false)
>> > cfengine:: Authentication dialogue with a...de failed
>> > cfengine:: Not authorized to trust the server=a....de's public key 
>> > (trustkey=false)
>> > cfengine:: Authentication dialogue with a...de failed
>> 
>> In my opinion you have two solutions to your problem.
>> 
>> (generic part) Upgrade cfengine to 2.1.8 on all Solaris hosts
> I already updated all hosts to 2.1.8, generated new keys with the new
> version everywhere.
> 
>> (solution 1) Delete the /var/cfengine/ppkeys/root-* files and set
>> trustkeys to yes.
> already done, too. On the client, the file for the server still don't
> exist after running cfengine with trustkey=true.
>  
>> (solution 2) Copy over a key generated from a cfengine-2.1.8 version to
>> /var/cfengine/ppkeys/root-whatever
> 
> When I copy localhost.pub from the server (andromeda) to ppkeys/root-<ip>.pub
> on a client, I get on the client (running cfagent -q -v -d 1)
> 
>       cfengine:: Strong authentication of 
> server=andromeda.informatik.uni-freiburg.de connection
> confirmed     Receive counter challenge from server
>       RecvSocketStream(8)
>           (Concatenated 8 from stream)
>       Transaction Receive [t 256][]
>       RecvSocketStream(256)
>           (Concatenated 256 from stream)
>       Replying to counter challenge with md5
>       Transaction Send[t 16][Packed text]
>       Attempting to send 24 bytes
>       SendSocketStream, sent 24
>       Collecting public key from server!
>       RecvSocketStream(8)
> 
> and on the server (cfservd -F -v -d 1)
> 
>       A public key was already known from 
> auriga.informatik.uni-freiburg.de/::ffff:132.230.151.12 - no
> trust required        Adding IP ::ffff:132.230.151.12 to SkipVerify - no need 
> to check this if we have a
> key   The public key identity was confirmed as address@hidden
>       Transaction Send[t 16][Packed text]
>       Attempting to send 24 bytes
>       SendSocketStream, sent 24
>       Transaction Send[t 16][Packed text]
>       Attempting to send 24 bytes
>       SendSocketStream, sent 24
>       Transaction Send[t 256][Packed text]
>       Attempting to send 264 bytes
>       SendSocketStream, sent 264
>       RecvSocketStream(8)
>           (Concatenated 8 from stream)
>       Transaction Receive [t 16][]
>       RecvSocketStream(16)
>           (Concatenated 16 from stream)
>       cfservd: Strong authentication of client 
> auriga.informatik.uni-freiburg.de/::ffff:132.230.151.12
> achieved      RecvSocketStream(8)
> 
> and then nothing new happens.
> 
> Regards,
> Uwe
> 



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  address@hidden
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
reply via email to
[Prev in Thread] Current Thread [Next in Thread]