Hi Chris,
My suggestion would be to make sure the network is secure, either
because it is all behind a firewall, or because of iptables or
AllowConnections in cfexec.conf, and then just enable trustkeys.
Regards,
Marco.
Chris St. Pierre wrote:
I'd like to set up a ruleset in cfengine so that, when I add a new
machine to the network (and to cfengine), its public key gets
automatically propagated through the other hosts.
Simplest way would be to make sure DenyConnections / AllowConnections is
I understand that I
have to run cfservd on each host -- I already am -- but I'm not sure
what the ruleset would be. I can't seem to wrap my mind around how to
copy keys from each host to the policyhost (or to the other machines
on the network) without naming each machine explicitly in
cfservd.conf. I assume this can be done, but I'm apparently not
thinking "convergently." Any pointers? Thanks!
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
http://cfengine.org/mailman/listinfo/help-cfengine
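Added example, not part of the original thread: a small Python check of the point in Marco's reply, that key trust should only be enabled for networks that are already connection-restricted. It assumes the cfengine 2 cfservd.conf directive names AllowConnectionsFrom and TrustKeysFrom, list entries in CIDR notation only, and a constructed sample configuration.

```python
import ipaddress
import re

# Constructed sample cfservd.conf control section (not from the thread).
# Assumption: directive names follow cfengine 2's cfservd.conf.
SAMPLE = """
control:
   AllowConnectionsFrom = ( 192.168.10.0/24 10.1.0.0/16 )
   TrustKeysFrom = ( 192.168.10.0/24 10.0.0.0/8 )
"""


def parse_list(conf, name):
    """Return the networks in `name = ( a b c )`, or [] if the line is absent."""
    pattern = r"^\s*%s\s*=\s*\(([^)]*)\)" % re.escape(name)
    m = re.search(pattern, conf, re.M | re.I)
    if not m:
        return []
    return [ipaddress.ip_network(tok, strict=False) for tok in m.group(1).split()]


def untrusted_scope(conf):
    """Networks whose keys would be accepted on first contact but which are
    not fully covered by the connection allow-list."""
    allowed = parse_list(conf, "AllowConnectionsFrom")
    trusted = parse_list(conf, "TrustKeysFrom")
    return [
        t for t in trusted
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if not any(t.version == a.version and t.subnet_of(a) for a in allowed)
    ]


if __name__ == "__main__":
    for net in untrusted_scope(SAMPLE):
        print("TrustKeysFrom is wider than AllowConnectionsFrom:", net)
```

An empty result means every range whose keys are trusted automatically is also inside the connection allow-list; a firewall or iptables rule covering the same ranges has to be checked separately.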