Turn Off Use of Keys and Encryption

[Pletan, Ray]

We are implementing cfengine for post server build configuration. I would like to turn OFF  the use of keys and encryption  to do this.  I have been unable to discover how to do this. I have set the encrypt=false flag in my post build configuration files but cfengine still seems to require the use of keys.

 

Here is my cfservd.conf file:

 

###############################################################################

# Who and what we allow access to, and who we trust

###############################################################################

control:

   domain = ( mytest.com )

   cfrunCommand = ( "/var/cfengine/bin/cfagent" )

   MaxConnections = ( 100 )

   MultipleConnections = ( true )

   IfElapsed = ( 60 )

   DenyBadClocks = ( false )

#   TrustKeysFrom = ( 0-255.0-255.0-255.0-255 )

    AllowUsers = ( root )

    #cfhost          = ( sklab07.mytest.com )

 

admit:

    /var/cfengine/ppkeys/localhost.pub

      *.mytest.com 

      *.ext.mytest.com

    /var/cfengine/bin/cfagent

      *.mytest.com

      *.ext.mytest.com

 

 

 

grant:

  /var/cfengine

    *.mytest.com

    *.ext.mytest.com

  /tmp/bmfh.conf

    *.mytest.com

    *.ext.mytest.com

  /tmp/test.conf

    *.mytest.com

    *.ext.mytest.com

  /home

    *.mytest.com

    *.ext.mytest.com

  /etc

    *.mytest.com

    *.ext.mytest.com

  /var/tmp

    *.mytest.com

    *.ext.mytest.com

  /var/ftp/cmg/cmgtools/SUN/ssh_scripts

    *.mytest.com

    *.ext.mytest.com

  /usr/local/admin/sudo/sudoers

    *.mytest.com

    *.ext.mytest.com

 

 

Below is my post build configuration file:

 

 

#

# Simple cfengine configuration file

#

 

control:

 

   actionsequence = ( directories files copy editfiles )

 

   domain         = ( mytest.com )

   timezone       = ( CST )

 

   smtpserver     = ( mailhost.mytest.com )   # used by cfexecd

   sysadm         = ( rdwalkup@mytest.com )        # where to mail output

   cfhost          = ( sklab07 ) 

   encrypt          = ( false ) 

 

 

classes:

any::

#   BmfhClient     = ( sklab08 filbert )

 

######################################################################

 

copy:

 

  /usr/local/admin/sudo/sudoers dest=/etc/sudoers

                                owner=root

                                group=root

                                server=$(cfhost)

                                mode=440

                                encrypt=false  

 

 

 

 

  /home                     dest=/home

                               recurse=inf

                               include=.**

                               include=authorized_keys

                               include=authorized_keys2

                               include=authorized_keys3

                               mode=700

                               server=$(cfhost) trustkey=true

                                encrypt=false  

 

editfiles:

  

 { /etc/services

     AppendIfNoSuchLine "#cfengine"

     AppendIfNoSuchLine "cfengine        5308/tcp"

 }

 

directories:

    /.ssh

    mode=600

 

 

any help would be appreciated.

 

Thanks,

Ray J