similar to: OpenSSH Certkey (PKI)

Displaying 20 results from an estimated 600 matches similar to: "OpenSSH Certkey (PKI)"

2012 May 17
0
puppet cert first run doesn't encrypt ca private key but puppet ca does?
Can anyone validate this? I am attempting to run the puppet cert/ca standalone commands. I am running from an unchanged master branch and if I run (simplified for the example): puppet cert generate host the resulting ca_key.pem is not encrypted. If I run: puppet ca generate host the resulting ca_key.pem is encrypted. In both cases the ca.pass file is created but the code path through cert does
2013 Aug 07
1
puppet-3.2.2 runs fine - but doesn't work. 2.7.22 works fine.
Hi, I've setup a puppet-3.2.2 master, on a new server, and I've updated 1 server (agent) to 3.2.2 as well - and when I run that against the new master (where I've copied my /etc/puppet folder over incl. modules etc.), the client removes all facts etc. and does absolutely nothing. I've tried to change the manifest - but nothing is done anyways. I'm
2015 Feb 22
3
PKI host based principal
Hello, Maybe I did not understand correctly the PKI trust, so forgive me if I am wrong. For example, I have multiple hosts that all serves as monitoring server, I would like to trust only these hosts, so I enrol a certificate for these using "monitoring" principal, so I can connect only to these. At first I thought we can do Match statement at ssh_config, however, the Match is being
2010 Apr 16
2
revised cert format and deprecation schedule
Hi, I just committed this: > - djm at cvs.openbsd.org 2010/04/16 01:47:26 > [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c] > [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c] > [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c] > [sshconnect.c sshconnect2.c sshd.c] > revised certificate format ssh-{dss,rsa}-cert-v01 at
2010 Mar 03
1
cert-authority and authorized_keys file
Hi, I noticed that in regress/cert-userkey.sh the signing key is added to the authorized_keys file with the tag "cert-authority" whereas in sshd(8) the tag is documented as "from=cert-authority." Since the former seems to work, I assume the latter is a typo. While on the subject of typos (which I have been known to make more than my fair share of) I noticed the phrase
2010 Sep 25
1
ssh-keygen with libpkcs11.so can't work
Hi, I'm trying the new feature "ssh-keygen(1) now supports signing certificate using a CA key that has been stored in a PKCS#11 token". According to the manpage, I should use "-D" option. And I had a problem with this option. root at ubuntu-desktop[/home/adam/temp7]#ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id id_rsa.pub dlopen libpkcs11.so failed: libpkcs11.so:
2011 Jan 24
2
Puppet master cannot connect to self
Hi, I have the annoying problem that the puppet master cannot connect to itself. It fails with: puppet# puppetd --test err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: tlsv1 alert decrypt error History: I have had this problem on our old puppet server: puppet.domain.com. It was annoying but not critical. Recently I built a new
2012 Feb 27
1
Using puppet cert generate on a client -- why doesn't this work?
I'm running a two headed puppetmaster and have disabled crl's. Let's call them the primary and the secondary. The primary and secondary both use the primary as their master. The secondary only is used when the primary isn't responding (I wrap the puppetd call in cron with a short shell script) I'm managing these ca files on the masters, pushing
2007 May 23
0
kannel on CentOS 5
Hi, has anybody out there who has setup kannel on CentOS 5. I just installed from src.rpm pls see below for installed rpms. [root at mailgw ~]# rpm -qa |grep kannel kannel-1.4.1-2.rf kannel-debuginfo-1.4.1-2.rf kannel-devel-1.4.1-2.rf I want to setup kannel for sending SMS via a web browser on this CentOS 5 box. I googled a lot. But I could not find a lot of info. I think I need an external
2009 Oct 21
2
Bug #2617(?) in Puppet 0.25.1rc2
When I use the latest puppet 0.25.1 I got the same problem. This is what I do: 0. Install the Ubuntu 8.04 server with ssh, ruby, rdoc, libopenssl-ruby and git-core (which gets removed after clone). 1. Install the latest puppet from git repositories on both machines using git clone «git clone git://github.com/reductivelabs/puppet» and «git clone git://github.com/reductivelabs/facter» 2. Install it
2009 Jul 16
2
In the catalog, /Settings[*] is what?
I left my new puppetmasterd running last night. came in with a stack trace below. A number of questions: 1. Where did /Settings come from? 2. Is there a way to dump the contents of the catalog to understand? 3. I want to change the perms for all that stuff 4. puppetd is not running on this host, does puppetmasterd act like a puppetd? notice: Compiled catalog for inst01.corp.631h.metaweb.com
2011 Feb 21
7
header too long (OpenSSL::X509::CRLError) ?
Hi, My puppet master doesn't want to start anymore. Any idea? [root@puppetmaster requests]# puppet master --no-daemonize --debug debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist debug:
2011 Mar 07
2
Unable to run puppetmasterd 2.6.5 on Centos 5
Hi friends, Somehow puppetmasterd 2.6.5 is failing to get started on Centos 5. I am getting the below error. I am yet to configure any agent with this server. puppetmasterd --no-daemonize --verbose --debug debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/ dscl does not exist debug:
2007 Nov 26
2
Unable to launch puppetmasterd after installing mongrel
Moving to mongrel as our footprint has grown considerably. Configs worked fine before but for some reason we are unable to start puppet on the new host. Any help would be greatly appreciated. -jeff Centos 5 # ruby -v ruby 1.8.5 (2006-08-25) [i386-linux] # gem list mongrel *** LOCAL GEMS *** mongrel (1.0.1) A small fast HTTP library and server that runs Rails, Camping, Nitro and
2012 Aug 23
1
Puppet Agent VS User
Hello, Running into a problem when wanting to daemon-ize the agent. It doesn't seem to do anything: - cannot find any daemon process with (ps aux | grep puppet) - the config is not updated after editing some params on the master - /var/log/puppet stays empty... while, when logged as root, it is working without issue with $puppet agent --test. ##Conf Ubuntu 12.04 Puppet 2.7.11 ## Daemon is
2007 Nov 11
4
puppetrun fails: "Certificates were not trusted"
Hello all, I've tried to run 'puppetrun', but there seems something unconfigured regarding the certificates. The reverse way (puppetd pulls the config from puppetmasterd) works fine. The namespaceauth.conf on the client (where puppetd runs) is configured as follows: [puppetrunner] allow *.abc.net (also tried the calling host: puppet1.abc.net) But when I call
2003 Aug 08
1
Help request: merging OpenBSD Kerberos change into Portable.
Hi All. I'm looking for some help to merge an outstanding Kerberos credential cache change from OpenBSD into Portable. I don't know enough about Kerberos to figure out how that change should be applied for the non-Heimdal(?) code path. The outstanding diff is attached. Any volunteers? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4
2004 Feb 27
1
[PATCH] Getting AFS tokens from a GSSAPI-delegated TGT
Here is a patch I just wrote and tested which may be of interest to those who wish to use KerberosGetAFSToken (currently requires Heimdal libkafs) in combination with GSSAPIDelegateCredentials. The patch is in the public domain and comes with no warranty whatsoever. Applies to pristine 3.8p1. Works for me on Solaris and Tru64. I'd probably have used Doug Engert's patch from 2004-01-30 if
2002 May 09
0
functions : server_input_channel_req userauth_pubkey
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings, I am not sure if this is the correct place to ask these question, if I am at the wrong place please advise. I am currently working on some modifications to openssh which record the users rsa/dsa identity comment file to a log file when the user logs in (password authentication is disabled). The ssh1 portion of the modification works
2002 Jul 31
2
privsep+kerb5+ssh1
please test Olaf Kirch's patch. it looks fine to me, but i don't to K5. i'd like to see this in the next release. thx -m -------------- next part -------------- --- openssh-3.4p1/auth-krb5.c.krb Sun Jun 9 21:41:48 2002 +++ openssh-3.4p1/auth-krb5.c Tue Jul 23 15:15:43 2002 @@ -73,18 +73,17 @@ * from the ticket */ int -auth_krb5(Authctxt *authctxt, krb5_data *auth, char