Hi, I had the impression that the new key naming convention would allow for "unique" identification of a machine. Thus it allows a machine to change its IP address and still be able to communicate with its server. I thought it would also allow detecting when a machine changes its keys, and thus refusing the new pair of keys.
Based on these assumptions, we built a system where we eagerly accept all keys from clients, and create their promise folders once they've been confirmed by a human. But when we remove the keys of a client and regenerate new ones, the client is still accepted (as a new one, actually). Is there a way to prevent the connection from a known node if its key changed, while still accepting connections from unknown nodes?

Regards
--
Nicolas CHARLES
Normation SAS - http://www.normation.com
44 rue Cauchy – 94110 Arcueil, FRANCE
Switchboard +33 (0)1 83 62 26 96
Direct line +33 (0)1 83 62 57 47