Tracy R Reed wrote:
> Mark Burgess wrote:
> > Hi Elaine - Unspecified refusal is a deliberately obtuse error so that
> > potential hackers will not know why the failure occurred.
>
> Cfengine is supposed to auth with keys right? If you don't have the
> right key you don't get in. Do you not have faith in the key system?

No, and neither should you. Security != encryption.

> And even if I could understand why you wouldn't tell a hacker
> (although in most cases it's the sysadmin) specifics about why a
> failure occurred shouldn't the server itself log the problem in great
> detail in the logs so these things aren't so hard to figure out?
>
> I have spent a lot of time debugging authentication problems over the
> last few weeks of implementing cfengine on our network. It seems that
> the hostname must match the forward dns which must match the reverse
> dns and the ip must be in the cfservd.conf as well as the domain and
> you must have the right key or trustkeys turned on (bad idea)
> and...what else is there? There are a ton of little details that must
> all be just right. It's almost like there should be a checklist or
> something. If you are a bad guy you won't have a key so even if you do
> get everything set up there is no problem.
>

This is what that -d2 is for.

--
Mark Burgess
Professor of Network and System Administration
Oslo University College

Work: +47 22453272
Fax : +47 22453205
WWW : http://www.iu.hio.no/~mark
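The DNS and address-list items from the checklist asked for in the quoted message can be checked on their own before the server is contacted. The following is an added example, not part of the original thread and not cfengine code: `preflight`, the resolver hooks and the sample hosts are assumptions, and the network list only stands in for the addresses permitted in cfservd.conf.

```python
import ipaddress
import socket

def system_forward(hostname):
    """Addresses the local resolver returns for hostname (A/AAAA)."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}

def system_reverse(ip):
    """Primary PTR name the local resolver returns for ip."""
    return socket.gethostbyaddr(ip)[0]

def preflight(hostname, ip, allowed_networks,
              forward=system_forward, reverse=system_reverse):
    """Run each checklist item; return a list of (check, ok, detail)."""
    results = []
    try:
        addrs = set(forward(hostname))
        results.append(("forward", ip in addrs, f"{hostname} -> {sorted(addrs)}"))
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        results.append(("forward", False, f"lookup failed: {exc}"))
    try:
        ptr = reverse(ip).rstrip(".").lower()
        want = hostname.rstrip(".").lower()
        results.append(("reverse", ptr == want, f"{ip} -> {ptr}"))
    except OSError as exc:  # socket.herror is a subclass of OSError
        results.append(("reverse", False, f"lookup failed: {exc}"))
    addr = ipaddress.ip_address(ip)
    listed = any(addr in ipaddress.ip_network(n) for n in allowed_networks)
    results.append(("acl", listed, f"{ip} in {list(allowed_networks)}"))
    return results

def failed(results):
    """Names of the checks that did not pass."""
    return [name for name, ok, _ in results if not ok]

# Constructed sample data (RFC 5737 documentation addresses), not real hosts.
FWD = {"web1.example.org": {"192.0.2.10"}, "db1.example.org": {"192.0.2.20"}}
REV = {"192.0.2.10": "web1.example.org", "192.0.2.20": "old-db.example.org"}

def fake_forward(hostname):
    if hostname not in FWD:
        raise OSError("name not found")
    return FWD[hostname]

def fake_reverse(ip):
    if ip not in REV:
        raise OSError("no PTR record")
    return REV[ip]
```

Calling `preflight(host, ip, networks)` without the last two arguments uses the system resolver; the fake resolvers are only there so the sample runs offline.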
