|
From: | Pletan, Ray |
Subject: | Turn Off Use of Keys and Encryption |
Date: | Wed, 4 Jan 2006 12:11:46 -0600 |
We are implementing cfengine for post server build configuration. I would like to turn OFF the use of keys and encryption to do this. I have been unable to discover how to do this. I have set the encrypt=false flag in my post build configuration files but cfengine still seems to require the use of keys.
Here is my cfservd.conf file:
############################################################################### # Who and what we allow access to, and who we trust ############################################################################### control: domain = ( mytest.com ) cfrunCommand = ( "/var/cfengine/bin/cfagent" ) MaxConnections = ( 100 ) MultipleConnections = ( true ) IfElapsed = ( 60 ) DenyBadClocks = ( false ) # TrustKeysFrom = ( 0-255.0-255.0-255.0-255 ) AllowUsers = ( root ) #cfhost = ( sklab07.mytest.com )
admit: /var/cfengine/ppkeys/localhost.pub *.mytest.com *.ext.mytest.com /var/cfengine/bin/cfagent *.mytest.com *.ext.mytest.com
grant: /var/cfengine *.mytest.com *.ext.mytest.com /tmp/bmfh.conf *.mytest.com *.ext.mytest.com /tmp/test.conf *.mytest.com *.ext.mytest.com /home *.mytest.com *.ext.mytest.com /etc *.mytest.com *.ext.mytest.com /var/tmp *.mytest.com *.ext.mytest.com /var/ftp/cmg/cmgtools/SUN/ssh_scripts *.mytest.com *.ext.mytest.com /usr/local/admin/sudo/sudoers *.mytest.com *.ext.mytest.com
Below is my post build configuration file:
# # Simple cfengine configuration file #
control:
actionsequence = ( directories files copy editfiles )
domain = ( mytest.com ) timezone = ( CST )
smtpserver = ( mailhost.mytest.com ) # used by cfexecd sysadm = ( rdwalkup@mytest.com ) # where to mail output cfhost = ( sklab07 ) encrypt = ( false )
classes: any:: # BmfhClient = ( sklab08 filbert )
######################################################################
copy:
/usr/local/admin/sudo/sudoers dest=/etc/sudoers owner=root group=root server=$(cfhost) mode=440 encrypt=false
/home dest=/home recurse=inf include=.** include=authorized_keys include=authorized_keys2 include=authorized_keys3 mode=700 server=$(cfhost) trustkey=true encrypt=false
editfiles:
{ /etc/services AppendIfNoSuchLine "#cfengine" AppendIfNoSuchLine "cfengine 5308/tcp" }
directories: /.ssh mode=600
any help would be appreciated.
Thanks, Ray J
|
[Prev in Thread] | Current Thread | [Next in Thread] |