www.delorie.com/gnu/docs/cfengine/cfengine-Reference_139.html   search  
 
Buy GNU books!


GNU cfengine

[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

4.1.15 DynamicAddresses

Hosts which are included in this list are assumed to have IP addresses which can change with time, e.g. hosts which are given IP addresses by DHCP or a BOOTP like protocol.

 
     control:

      DynamicAddresses = ( 128.39.74.100-200 )  # DHCP range

If cfservd receives a connection from an IP address that is in this list, and trustkey is true, the existing key for that IP address can be replaced with a new key, and the old key is recorded in a "used keys" list, access is granted. If trust is switched off, the server looks in the "used key list" to see if the key has been seen before. If not access is refused. If it has been seen before -- it uses this earlier trust to accept the connection and replace the IP-key binding.

Note that used keys are kept in a database for easy lookup, whereas fixed keys are kept in files for easy administration. If host keys change or are reinstalled on the dynamically allocated hosts, then this database should probably be deleted to purge keys that become illegal.


  webmaster   donations   bookstore     delorie software   privacy  
  Copyright 2003   by The Free Software Foundation     Updated Jun 2003