The line you are looking for is 'TrustKeysFrom'. Cfservd will trust the
key from any IP in the given subnet the first time it sees it; if a host
changes keys it will not be trusted.

EX:
TrustKeysFrom = ( 192.168 10.3 172.16 )

http://www.cfengine.org/docs/cfengine-Reference.html#TrustKeysFrom

-Jason Martin

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Mark McCullough
Sent: Friday, September 09, 2005 10:06 AM
To: [email protected]
Subject: Trust dilemma


I am trying to set up a fairly standardized system where junior
sysadmins are able to add new systems into the cfengine setup.  I have
most of the steps properly automated so that they do not need special
access on the cfengine master server, except for the issue of the new
client's public key.

I can't figure out a way to force cfservd to trust a range of IPs
despite the examples given in the reference guide.  I know what ranges
of IPs I want to trust, but it seems to only trust pre-existing keys or
individual IPs.  (I can't afford to manually add every single IP).

This is cfengine 3.1.15.

I've tried tricks like ACLs on the /var/cfengine/ppkeys directory, but
that causes complaints on the master server. 

Any suggestions or am I overthinking this?

-- 
[EMAIL PROTECTED]                                   Mark McCullough
"To announce that there must be no criticism of the President, or that 
we are to stand by the President, right or wrong, is not only 
unpatriotic and servile, but is morally treasonable to the American 
public." (Theodore Roosevelt, 1918)


_______________________________________________
Help-cfengine mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-cfengine
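
The trust-on-first-use behaviour described in the reply above, modelled as an added example (not part of the original thread and not cfengine's own code). `TofuKeyStore`, `prefix_to_network`, the result strings and the fingerprints are hypothetical, and the expansion of a partial prefix such as `10.3` to `10.3.0.0/16` is an assumption about how the notation is read.

```python
import ipaddress


def prefix_to_network(prefix: str) -> ipaddress.IPv4Network:
    """Expand a partial dotted prefix such as '192.168' (assumed mapping)."""
    octets = prefix.split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError(f"bad prefix: {prefix!r}")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")


class TofuKeyStore:
    """Hypothetical model of trust-on-first-use keyed by client IP."""

    def __init__(self, trust_keys_from):
        self.networks = [prefix_to_network(p) for p in trust_keys_from]
        self.known = {}  # IP string -> key fingerprint accepted earlier

    def check(self, ip: str, fingerprint: str) -> str:
        addr = ipaddress.ip_address(ip)
        stored = self.known.get(ip)
        if stored is not None:
            # A key is already on file: only an exact match is accepted,
            # even when the address lies inside a trusted range.
            return "known" if stored == fingerprint else "rejected-key-changed"
        if any(addr in net for net in self.networks):
            self.known[ip] = fingerprint  # first sighting: the key is pinned
            return "accepted-first-use"
        return "rejected-untrusted-range"


def demo():
    store = TofuKeyStore(["192.168", "10.3", "172.16"])  # ranges from the EX: line
    # Constructed sample connections: (client IP, key fingerprint)
    events = [
        ("10.3.7.20", "fp-A"),     # new host inside 10.3
        ("10.3.7.20", "fp-A"),     # same host, same key
        ("10.3.7.20", "fp-B"),     # same IP, different key
        ("10.4.0.1", "fp-C"),      # outside every listed range
        ("172.16.255.9", "fp-D"),  # new host inside 172.16
    ]
    return [store.check(ip, fp) for ip, fp in events]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The first key presented from any address in a listed range is the one that gets pinned, so the ranges should be no wider than the networks new clients actually come from.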