Hi all,
I looked on the cfengine home page, but I don't see any documentation on
the issues that happen when using cfengine when NAT and a firewall are
involved. I read the firewall document, but that looks more like a
non-NAT firewall arrangement.
What problems will I face when having cfengi
I'd like to set up a ruleset in cfengine so that, when I add a new
machine to the network (and to cfengine), its public key gets
automatically propagated through the other hosts. I understand that I
have to run cfservd on each host -- I already am -- but I'm not sure
what the ruleset would be. I
Jason Edgecombe wrote:
> What problems will I face when having cfengine clients behind NAT talk
> to a cfengine server on the public network.
http://www.cfengine.org/docs/cfengine-Reference.html#SkipVerify
Best,
Brendan
--
Senior System Administrator
The University of Chicago
Department of Com
Chris St. Pierre wrote:
> I'd like to set up a ruleset in cfengine so that, when I add a new
> machine to the network (and to cfengine), its public key gets
> automatically propagated through the other hosts.
You are dealing with cfengine keys, right? When I am building a new
machine, I make sure
Brendan Strejcek wrote:
> Jason Edgecombe wrote:
>
> > What problems will I face when having cfengine clients behind NAT talk
> > to a cfengine server on the public network.
>
> http://www.cfengine.org/docs/cfengine-Reference.html#SkipVerify
Thanks!
That should do.
Brendan Strejcek wrote:
> Jason Edgecombe wrote:
>
> > What problems will I face when having cfengine clients behind NAT
> > talk to a cfengine server on the public network.
>
> http://www.cfengine.org/docs/cfengine-Reference.html#SkipVerify
You might also be interested in:
http://www.cfengine.
Hi Jason,
Have a look at the manual for the following cfexec.conf directives:
SkipVerify
AllowMultipleConnectionsFrom
You might also want to look at this, although I think this isn't what
you are asking:
http://www.cfengine.org/docs/cfengine-Reference.html#Firewalls-and-NATs
Regards,
Marco
Hi Chris,
My suggestion would be to make sure the network is secure, either
because it is all behind a firewall, or because of iptables or
AllowConnections in cfexec.conf, and then just enable trustkeys.
Regards,
Marco.
Chris St. Pierre wrote:
I'd like to set up a ruleset in cfengine so th
No, I'm not dealing with Cfengine keys. I'm dealing with host public
keys, e.g., /etc/ssh/ssh_known_keys. I'd like to aggregate and
distribute those keys without maintaining a list of hosts.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
On Tue, 9 May 2006, Brendan Str
Hi,
Here we are using a little script that uses mqseries to send us back
those keys (you can use email too).
Then I installed a complete host keys distribution based on editfiles.
there's a directory
on our config server that contains a file by user, this file is a list of
public keys
an
I am using cfengine 2.1.16 on CentOS 4.3. I have machines on a local
192.168 network and machines with public IPs outside of our local
network. I would like to be able to manage all of the policy from one
place and keep all of the machines consistent both inside and out. It
was recommended on