[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: some sort of host authentication problem.
From: |
mark |
Subject: |
Re: some sort of host authentication problem. |
Date: |
Sun, 13 Apr 2003 07:39:54 +0200 (MEST) |
You can yse SkipVerify to avoid reverse lookup.
M
On 12 Apr, Kurt Lieber wrote:
> I am unable to successfuly copy files from my master host to a slave
> server. After a fair amount of troubleshooting, I tracked it down to this
> line:
>
> # master cfengine config files are stored here
> /var/cfengine/masterfiles/inputs/ *.domain.com
>
> If I change it to:
>
> # master cfengine config files are stored here
> /var/cfengine/masterfiles/inputs/ *
>
> Then it works fine which tells me that it's probably a problem with the
> reverse lookup. Here is the relevant section of my cfservd.conf file:
>
> control:
>
> domain = ( domain.com )
> AllowUsers = ( root )
> AllowConnectionsFrom = ( 192.168.1 )
> TrustKeysFrom = ( 192.168.1.0/24 )
> SkipVerify = ( 192.168.1 )
>
>
> And the relevant section from cfservd -d2:
>
> AccessControl(/var/cfengine/masterfiles/inputs)
> AccessControl(/var/cfengine/masterfiles/inputs,192.168.1.144) encrypt
> request=1
> Found a match for in access list
> (/var/cfengine/masterfiles/inputs,/var/cfengine/masterfiles/inputs)
> FuzzyItemIn(192.168.1.144)
> IsWildItem(192.168.1.144,*.domain.com)
> IsWildItem(192.168.1.144,*.domain.com)
> FuzzyItemIn(192.168.1.144)
> cfservd: Host 192.168.1.144 denied access to /var/cfengine/masterfiles/inputs
>
>
> Now, reverse lookups don't work on my network -- so 192.168.1.144 is never
> going to correctly resolve to host.domain.com. Is there any other way to
> tell cfservd that 192.168.1.144 really is host.domain.com? Or am I stuck
> using "*" for all my file controls in cfservd.conf?
>
> Thanks.
>
> --kurt
>
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~