[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SkipIdentify client side directive? domain name?
|
From: |
Christian Pearce |
|
Subject: |
SkipIdentify client side directive? domain name? |
|
Date: |
Mon, 13 Jun 2005 11:21:27 -0400 |
4.9.57 SkipIdentify
SkipIdentify = ( true )
This is the client side directive corresponding to the server directive
SkipVerify. It tells cfengine not to assume that the client is
registered in the Domain Name Service (DNS). Sometimes the assumption of
DNS registration can break connectivity between hosts, particularly if
firewalls or Network Address Translation is in use.
It is my understanding that if you set this in the control section for a
cfagent.conf file it will tell the remote host not to do a DNS lookup.
It is important to reduce the log noise you get if you don't have a
domain name set:
Jun 13 10:37:17 halo cfservd[27024]: Accepting connection from
198.70.184.163
Jun 13 10:37:17 halo cfservd[27024]: Unable to lookup hostname
(orion.undefined.domain) or cfengine service: Name or service not known
I realize that I could set domain = ( something ), but I have different
domains and I don't want to have to use classes to define the different
domains.
I even add a SkipVerify to the cfservd.conf file and still get this
message.
Running the cfservd in verbose I get this:
Non-verified Host ID is orion.undefined.domain (Using skipverify)
Non-verified User ID seems to be root (Using skipverify)
cfservd: Unable to lookup hostname (orion.undefined.domain) or cfengine
service: Name or service not known
Updating last-seen time for orion.undefined.domain
Loaded /var/cfengine/ppkeys/root-198.70.184.163.pub
A public key was already known from
orion.undefined.domain/198.70.184.163 - no trust required
Adding IP 198.70.184.163 to SkipVerify - no need to check this if we
have a key
Seems like the LastSeen function in cfsevrd.c in VerifyConnection.
Tracing through the code, looks like I can set LastSeen = ( off ). But
how does this effect what cfengine does?
And shouldn't the SkipIdentify directive override this?
=======================
domain name question???
Besides domain = ( poss.com ) or having the hostname set to
orion.poss.com is there another way the domain name is set via cfegine?
If I run domainname on my machine I get poss.com but it doesn't get set
inside cfagent.
--
Christian Pearce
http://www.sysnav.com
http://www.commnav.com
http://www.perfectorder.com
signature.asc
Description: This is a digitally signed message part
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- SkipIdentify client side directive? domain name?,
Christian Pearce <=