Mark Burgess wrote:
> Hi Elaine - Unspecified refusal is a deliberately obtuse error so that
> potential hackers will not know why the failure occurred.

Cfengine is supposed to auth with keys, right? If you don't have the right key you don't get in. Do you not have faith in the key system? And even if I could understand why you wouldn't tell a hacker (although in most cases it's the sysadmin) specifics about why a failure occurred, shouldn't the server itself log the problem in great detail in the logs so these things aren't so hard to figure out?

I have spent a lot of time debugging authentication problems over the last few weeks of implementing cfengine on our network. It seems that the hostname must match the forward DNS, which must match the reverse DNS, and the IP must be in the cfservd.conf as well as the domain, and you must have the right key or trustkeys turned on (bad idea) and...what else is there? There are a ton of little details that must all be just right. It's almost like there should be a checklist or something. If you are a bad guy you won't have a key, so even if you do get everything set up there is no problem.

-- 
Tracy R Reed
http://ultraviolet.org

A: Because we read from top to bottom, left to right
Q: Why should I start my reply below the quoted text
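
The DNS and address items from the checklist described in the message above, as an added example that is not part of the original post and is not cfengine code. It reports each check separately so a refusal can be traced to its cause; `check_client`, `allowed_networks` and the sample records are assumptions made for illustration, and key checks are not covered.

```python
import ipaddress
import socket

def dns_forward(name):
    """Addresses a name resolves to; empty set when resolution fails."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def dns_reverse(ip):
    """PTR name for an address, or None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def norm(name):
    return name.strip(".").lower()

def check_client(hostname, ip, allowed_networks, domain,
                 forward=dns_forward, reverse=dns_reverse):
    """Return [(check, passed, detail)] so every failure names its cause."""
    addrs = forward(hostname)
    ptr = reverse(ip)
    addr = ipaddress.ip_address(ip)
    return [
        ("forward DNS gives the client IP", ip in addrs,
         f"{hostname} -> {sorted(addrs)}"),
        ("reverse DNS gives the hostname",
         ptr is not None and norm(ptr) == norm(hostname), f"{ip} -> {ptr}"),
        # allowed_networks: hypothetical list the admin copies from the
        # server's access rules; this code does not parse cfservd.conf.
        ("IP is in the allowed networks",
         any(addr in ipaddress.ip_network(n) for n in allowed_networks),
         f"{ip} vs {allowed_networks}"),
        ("hostname is in the domain",
         norm(hostname).endswith("." + norm(domain)), f"domain {domain}"),
    ]

if __name__ == "__main__":
    # Constructed records (documentation ranges), so the demo runs offline.
    fwd = {"web1.example.com": {"192.0.2.10"}}
    rev = {"192.0.2.10": "web1.example.com", "192.0.2.11": "old.example.com"}
    for ip in ("192.0.2.10", "192.0.2.11"):
        for check, ok, detail in check_client(
                "web1.example.com", ip, ["192.0.2.0/28"], "example.com",
                forward=lambda n: fwd.get(n, set()), reverse=rev.get):
            print(f"{ip} {'PASS' if ok else 'FAIL'} {check}: {detail}")
```

Called without the `forward` and `reverse` arguments, `check_client` uses the system resolver, so run it on the server to see the names and addresses the server itself would see.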
