Re: [Cfengine] Red Hat DHCP Clients

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cfengine] Red Hat DHCP Clients

From:	Bas van der Vlies
Subject:	Re: [Cfengine] Red Hat DHCP Clients
Date:	Thu, 04 Sep 2003 11:35:46 +0200
User-agent:	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624

Read the docs cfservd.conf:

 DynamicAddresses

Hosts which are included in this list are assumed to have IP addresseswhich can change with time, e.g. hosts which are given IP addresses byDHCP or a BOOTP like protocol.


          control:

           DynamicAddresses = ( 128.39.74.100-200 )  # DHCP range

If cfservd receives a connection from an IP address that is in thislist, and trustkey is true, the existing key for that IP address can bereplaced with a new key, and the old key is recorded in a "used keys"list, access is granted. If trust is switched off, the server looks inthe "used key list" to see if the key has been seen before. If notaccess is refused. If it has been seen before - it uses this earliertrust to accept the connection and replace the IP-key binding.

Note that used keys are kept in a database for easy lookup, whereasfixed keys are kept in files for easy administration. If host keyschange or are reinstalled on the dynamically allocated hosts, then thisdatabase should probably be deleted to purge keys that become illegal.



Rasheda M Menzies wrote:

My Linux clients do not use static IP addresses. This poses a problemfor my Cfengine setup since Cfengine stores the public key of eachclient machine on the server as root-<IPaddress>.pub. It would behelpful if I could store the client public key in the format of a hostnamerather than an IP address since I have DHCP clients. I was wonderinghow to overcome this issue.
Thanks,
Rasheda
____________________________________________________
Rasheda M. Menzies
Software Engineer
IBM Watson Research Center
1101 Kitchawan Road, Route 134Yorktown Heights, NY 10598
Tel: 914-945-2401, Tie: 862-2401
E-mail: rasheda@us.ibm.com


------------------------------------------------------------------------

_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://mail.gnu.org/mailman/listinfo/help-cfengine



--
--
********************************************************************
*                                                                  *
*  Bas van der Vlies                     e-mail: basv@sara.nl      *
*  SARA - Academic Computing Services    phone:  +31 20 592 8012   *
*  Kruislaan 415                         fax:    +31 20 6683167    *
*  1098 SJ Amsterdam                                               *
*                                                                  *
********************************************************************

[Prev in Thread]

Current Thread

[Next in Thread]

Red Hat DHCP Clients, Rasheda M Menzies, 2003/09/03
- Re: [Cfengine] Red Hat DHCP Clients, Bas van der Vlies <=

Prev by Date: Re: [Cfengine] Re: Purge copy of big directory
Next by Date: Cfengine 2.0.8 fails to compile on AIX 4.3.3 , Solaris 8 , IRIX 6.5.19
Previous by thread: Red Hat DHCP Clients
Next by thread: variable substitution in editfiles
Index(es):
- Date
- Thread