Forum: CFEngine Help
Subject: Re: Bindtointerface will not bind to a specific interface when similar subnets are involved
Author: msvob...@linkedin.com
Link to topic: https://cfengine.com/forum/read.php?3,23338,23415#msg-23415

If anyone cares... this is how I solved this problem. I stopped trusting the incoming request by source IP, and instead moved to public key authentication. Similar to adding an SSH key into a user's authorized_keys file, I used Cfengine to push out the public keys of all my policy servers into my clients' /var/cfengine/ppkeys.

I removed "trustkeysfrom" in my clients' configurations for cf-serverd. I also opened the allowable network connections extremely wide. So, the clients will accept a connection from anyone, but it will only allow file transfers to take place if the public key exchange works successfully.

This is a better / more scalable solution than trusting by source IP, and I use Cfengine itself to drop the public keys into place.
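
An added example, not part of the original post: with connections accepted from any address, trust rests on which public keys sit in /var/cfengine/ppkeys, so this Python check audits that directory against the set of policy-server keys that should have been pushed. The key file names other than localhost.pub, the key bytes, and the use of a plain SHA-256 file hash as the identifier are assumptions made for the example.

```python
import hashlib
import os
import stat
import tempfile

def file_sha256(path):
    # Plain hash of the file bytes: this example's choice, not CFEngine's own key digest.
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def audit_ppkeys(ppkeys_dir, expected, ignore=("localhost.pub",)):
    """Return sorted (issue, detail) findings; [] means only expected keys are trusted."""
    findings, seen = [], set()
    for name in sorted(os.listdir(ppkeys_dir)):
        if not name.endswith(".pub") or name in ignore:
            continue  # the host's own key pair is not a trust decision
        path = os.path.join(ppkeys_dir, name)
        mode = os.lstat(path).st_mode
        if not stat.S_ISREG(mode):
            findings.append(("not-regular-file", name))
            continue
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(("group-or-world-writable", name))
        digest = file_sha256(path)
        if digest in expected:
            seen.add(digest)
        else:
            findings.append(("unexpected-key", name))
    findings += [("missing-key", label) for d, label in expected.items() if d not in seen]
    return sorted(findings)

def demo():
    """Audit a constructed ppkeys directory (all names and key bytes are made up)."""
    keys = {"localhost.pub": b"constructed client key",
            "hub-a.pub": b"constructed hub A key",
            "stray.pub": b"constructed unknown key"}
    expected = {hashlib.sha256(b"constructed hub A key").hexdigest(): "hub-a",
                hashlib.sha256(b"constructed hub B key").hexdigest(): "hub-b"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in keys.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
            os.chmod(os.path.join(d, name), 0o600)
        os.chmod(os.path.join(d, "hub-a.pub"), 0o666)  # simulate loose permissions
        return audit_ppkeys(d, expected)

if __name__ == "__main__":
    for issue, detail in demo():
        print(issue, detail)
```

An "unexpected-key" finding is the one that matters most in this setup, because any key present in the directory is one the client will accept.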