Fuzzy Matching and IP Ranges in TrustKeysFrom

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fuzzy Matching and IP Ranges in TrustKeysFrom

From:	Dave Owen
Subject:	Fuzzy Matching and IP Ranges in TrustKeysFrom
Date:	20 Feb 2003 09:35:47 -0800

I'm using 2.0.b4. I want to set TrustKeysFrom in cfsercd.conf to allow
any new client on a large subnet be trusted when it supplies its
public key to the server.

This works fine when I use individual IP addresses. However, if I use
ranges, either like this

nnn.nnn.nnn.nnn/16

or like this

nnn.nnn.1-254.1-254

then the key is not accepted. Turning up debug shows the client IP
address being passed to IsFuzzyItemIn() and being matched against a
list of IP addresses. However, I've looked at the code for where the
IP list is stored and the comparison routine, and I can't find the
part that should be either expanding the address range into a list of
addresses or matching the client against a representation of the
range.

Has this ever worked? I've seen people recommend using subnet ranges,
but has anyone actually got it to work? Any insight warmly welcomed.

Regards,

Dave.

[Prev in Thread]

Current Thread

[Next in Thread]

Fuzzy Matching and IP Ranges in TrustKeysFrom, Dave Owen <=
- Re: Fuzzy Matching and IP Ranges in TrustKeysFrom, Mark . Burgess, 2003/02/20
  - Upgrade, upgrade, upgrade, Yves, 2003/02/20
    - Re: Upgrade, upgrade, upgrade, Nate Campi, 2003/02/20

Prev by Date: trigger class if file edited - help !
Next by Date: Re: trigger class if file edited - help !
Previous by thread: trigger class if file edited - help !
Next by thread: Re: Fuzzy Matching and IP Ranges in TrustKeysFrom
Index(es):
- Date
- Thread