www.delorie.com/gnu/docs/cfengine/cfengine-Reference_143.html   search  
 
Buy GNU books!


GNU cfengine

[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

4.2.3 SkipVerify

If connecting hosts use a Network Address Translator in order to share an IP address, reverse lookup will fail to give a correct verification of host identity. You can switch off cfservd's verification of IP host identity for specific IP addresses or patterns using this command. E.g.

 
SkipVerify = ( 192.0.0.10  192.0.2.  )

This does not affect key verification.

NOTE!! This is a security risk because it means that cfservd implicitly trusts the connecting hosts! You should be very careful in using Network Address Translators in a secure environment. It is not recommended for sites which require a high level of security.


  webmaster   donations   bookstore     delorie software   privacy  
  Copyright 2003   by The Free Software Foundation     Updated Jun 2003