Re: where is the best moment to populate the keys

[Mark . Burgess]

Why don't you simply let cfengine distribute the keys?

Mark





On 28 May, Eric Doutreleau wrote:
> 
> Hi
> 
> I'm trying to set up cfengine 2.0.2 on my network of redhat 7.x machine
> and i have a little problem.
> 
> I have one "master" server which have all the files and which run the
> cfservd whose name is crotale
> 
> I distribute the public key of the server to the client through the
> installation of a rpm package which contain the public key of the server.
> 
> To secure the transfer i have to transfer the public key of the client to 
> the server.
> 
> in interactive mode i use an scp command and it works well.
> scp -v /var/cfengine/ppkeys/localhost.pub 
> crotale:/var/cfengine/ppkeys/root-$ip.pub
> It prompts for the crotale root password and transfer the file
> 
> I would like to do that during the first boot sequence.
> I add the following file cfinit in the /etc/init.d/ directory 
> 
> #!/bin/bash -i
> #
> # cfengine        starts cfd
> #
> # chkconfig: - 99 99
> # description: initialisation de cfengine
> 
> # Source function library.
> 
> . /etc/rc.d/init.d/functions
> 
> case "$1" in
>   start)
> 
> 
> /var/cfengine/sbin/cfkey
> server="crotale"
> host=`hostname`
> ip=`host -t a $host | awk '{ print $4 }'`
> scp /var/cfengine/ppkeys/localhost.pub 
> crotale:/var/cfengine/ppkeys/root-$ip.pub
> /sbin/chkconfig --level 345 cfinit off
> ;;
> 
> esac
> 
> exit 0
> 
> 
> The file is executed but i never got the prompt for the root crotale 
> password and the transfer failed.
> 
> does someone know how to have an elegant way to do the transfer without 
> the need to log on client after the installation?
> 
> Thanks in advance for any help
> 
> 
>  



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~