
Re: cfd host auth error -- progress I think


From: Alan Sparks
Subject: Re: cfd host auth error -- progress I think
Date: Fri, 05 Jan 2001 11:44:56 -0700

I do have AllowConnectionsFrom and AllowMultipleConnectionsFrom defined
in the cfd.conf file (can you have both?).  Both are set to the same
list of network addresses, but still see problems...

I'll try the -d 1 again... I've run with that before but did not see a
"denying repeated connection" log line.

-Alan

Andrew Mayhew wrote:
> 
> Could you run your cfd like this: cfd -d 1 -f cfd.conf >cfd.log 2>&1
> and then rerun your client connection.  I have a slightly different
> theory as to why your authentication is failing and it doesn't
> actually have anything to do with the config file rereading.  What I
> believe is really happening is that cfd is denying repeated
> connections from the same host based on its "spamming" policy.  So,
> after a connection is closed, PurgeOldConnections is called, and
> unless it has been more than two hours your old connection lives in a
> list of denied hosts.  If this is the case, you should see something
> like the following coming out of cfd:
> RecvSocketStream(4096)
> Purging Old Connections...
> Done purging
> stool: Denying repeated connection from 10.0.0.233
> Checking file updates on ./cfd.server-test (3a4ed98b/3a4eef3b)
> Transmission empty...
> cfd: terminating NULL transmission!
> ***Closing socket 5 from 127.0.0.1
> Terminating thread...
> 
> This is just my theory and if I recall properly, the reason the hosts
> are getting put in a deny list after connecting is because the
> connection was closed uncleanly.  You can alter this behaviour with the
> AllowMultipleConnectionsFrom = ( [IPLIST] ) in cfd's configuration.
> 
> --Andrew Mayhew <amayhew@logictier.com>
> 
> On Fri, Jan 05, 2001 at 09:38:48AM -0700, Alan Sparks wrote:
> > Obviously I speak too soon.  This doesn't entirely eliminate the
> > problem:
> >
> > Jan  5 09:32:27 xx.xx.net cfd[28733]: Rereading config files /opt/cfengine/etc/cfd.conf..
> > Jan  5 09:32:27 xx.xx.net cfd[28733]: Host authentication failed or access denied
> >
> > Back to the drawing board.
> > -Alan
> >
> >
> > Alan Sparks wrote:
> > >
> > > I think I found a reason why I get rejections from cfd after a config
> > > file reload (I'm still testing this).  It looks like a couple of lines
> > > are missing in cfd.c starting around line 862 (in CheckFileChanges):
> > >
> > >    DeleteItemList(VHEAP);
> > >    DeleteItemList(VNEGHEAP);
> > >    DeleteAuthList(VADMIT);
> > >    DeleteAuthList(VDENY);                       <== ADDED
> > >    strcpy(VDOMAIN,"undefined.domain");
> > >
> > >    VADMIT = VADMITTOP = NULL;
> > >    VDENY = VDENYTOP = NULL;                     <== ADDED
> > >    VHEAP = VNEGHEAP = NULL;
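Review bot: The lists are freed at the DeleteAuthList(VADMIT) and DeleteAuthList(VDENY) calls, but VADMIT/VADMITTOP and VDENY/VDENYTOP are only set to NULL after the strcpy, so for that stretch the globals still point at freed memory. The cfd debug output quoted in this thread shows per-connection threads ("Terminating thread..."); if a connection thread can evaluate the admit or deny list while CheckFileChanges runs, it would walk a freed list. Suggest setting each head/tail pair to NULL directly after its DeleteAuthList call, and adding a comment that names the lock, if any, that protects the reload, since the excerpt does not show one. The same applies to VHEAP and VNEGHEAP.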
> > >
> > > I also removed the call to LoadSecretKeys() in this function, since it
> > > is called by CheckVariables() (called right before it).
> > >
> > > Only thing yet to find is why the following happens... Often after a
> > > config file reread, the following log messages occur (and cfd exits):
> > >
> > > Jan  2 08:58:46 denverops.quris.net cfd[24918]: Unable to create
> > > Jan  2 08:58:46 denverops.quris.net cfd[24918]: creat: No such file or directory
> > > Jan  2 08:58:46 denverops.quris.net cfd[24918]: Unable to remove lock /var/run/cfengine/lock.cfd_conf.denverops.cfd.exec
> > > Jan  2 08:58:46 denverops.quris.net cfd[24918]: unlink
> > >
> > > Notice the first message:  The CFLAST variable is empty.  I can't yet
> > > understand how it gets emptied out.
> > >
> > > -Alan
> > >
> > > --
> > > Alan Sparks, Sr. UNIX Administrator     asparks@quris.com
> > > Quris, Inc.                             (720) 836-2058
> > >
> > > _______________________________________________
> > > Help-cfengine mailing list
> > > Help-cfengine@gnu.org
> > > http://mail.gnu.org/mailman/listinfo/help-cfengine
> >
> > --
> > Alan Sparks, Sr. UNIX Administrator   asparks@quris.com
> > Quris, Inc.                           (720) 836-2058

-- 
Alan Sparks, Sr. UNIX Administrator     asparks@quris.com
Quris, Inc.                             (720) 836-2058
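
A simplified model of the repeated-connection policy described in Andrew Mayhew's reply above, added here as an example; it is not cfd's source code. The table size, the exact-match comparison against the allow list, and the names accept_conn, close_conn, find_conn and allowed_multiple are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#define MAX_CONN 64
#define CONN_TTL (2 * 60 * 60)   /* "more than two hours", per the reply */

struct conn { char ip[46]; time_t seen; int used; };
static struct conn recent[MAX_CONN];   /* lingering connection records */
/* Constructed sample value for AllowMultipleConnectionsFrom. */
static const char *allow_multiple[] = { "10.0.0.233", NULL };

/* Index of the live record for ip, or -1. */
static int find_conn(const char *ip) {
    for (int i = 0; i < MAX_CONN; i++)
        if (recent[i].used && strcmp(recent[i].ip, ip) == 0) return i;
    return -1;
}

static int allowed_multiple(const char *ip) {   /* exact match: an assumption */
    for (int i = 0; allow_multiple[i]; i++)
        if (strcmp(allow_multiple[i], ip) == 0) return 1;
    return 0;
}

/* Returns 1 if accepted, 0 if denied as a repeated connection. */
int accept_conn(const char *ip, time_t now) {
    int slot = -1;
    for (int i = 0; i < MAX_CONN; i++) {   /* stand-in for PurgeOldConnections */
        if (recent[i].used && now - recent[i].seen > CONN_TTL) recent[i].used = 0;
        if (!recent[i].used && slot < 0) slot = i;
    }
    /* Fail closed when the table is full; deny repeats unless allow-listed. */
    if (slot < 0 || (!allowed_multiple(ip) && find_conn(ip) >= 0)) return 0;
    snprintf(recent[slot].ip, sizeof recent[slot].ip, "%s", ip);
    recent[slot].seen = now; recent[slot].used = 1;
    return 1;
}

/* A clean close removes the record; an unclean close leaves it behind. */
void close_conn(const char *ip, int clean) {
    int i = clean ? find_conn(ip) : -1;
    if (i >= 0) recent[i].used = 0;
}

int main(void) {
    printf("first connect:     %d\n", accept_conn("10.0.0.7", 0));
    close_conn("10.0.0.7", 0);                       /* unclean close */
    printf("one minute later:  %d\n", accept_conn("10.0.0.7", 60));
    printf("after the purge:   %d\n", accept_conn("10.0.0.7", CONN_TTL + 1));
    return 0;
}
```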
