[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
BAD: Key-authentication for %s failed
From: |
Mark . Burgess |
Subject: |
BAD: Key-authentication for %s failed |
Date: |
Fri, 23 Aug 2002 10:42:58 +0200 (MET DST) |
cfengine-2.0.4a1.tar.gz is at ftp.iu.hio.no/pub/cfengine
--------------------------------------------------------
I would appreciate it if anyone has time to test out cfservd in
this version. I have been trying to solve the problem of messages
like this:
cf:host: BAD: key could not be accepted on trust
cf:host: Key-authentication for host.domain failed
cf:host: BAD: Key-authentication for %s failed
cf:host: Key-authentication for lux.iu.hio.no failed
that appear in the client, apparently at random. After a long time of
not being able to reproduce this problem, I have finally figured out
that it is coming from the server -- and that it has nothing at all to
do with public/private keys, encryption or anything of that
nature. The server typically complains with something like this:
pthread_create failed
create: Bad file number
Couldn't find a public key (/var/cfengine/ppkeys/root-128.39.74.71.pub)
open: Bad file number
open: Bad address
This seems to come from some kind of memory corruption in the threads.
In this new release part of the problem has been solved: a misplaced
thread_mutex that could allow DNS reverse-lookup info to become
corrupt in concurrent threads. This would lead to some messages of this
type.
However, although -- under stress -- the number of these occurrences seems
to be reduced in 2.0.4a1, the problem is not gone. It seems to occur
after about half a day here, all at once. i.e. something is triggering it,
and I have no explanation for it as yet.
The error messages reported by pthread_create() and fopen() do not
arise from those calls -- those calls do not return those errors
(e.g. bad address). This suggests to me that there is still a stack
problem with pthreads, but I am at a bit of a loss to explain it.
I would be very greatful if any of you feel like testing this new
cfservd. I have been running it for several days here and it performs
as well as earlier versions, so there are no additional risks to
running it compared to other versions.
If anyone has fancy memory software (purify etc) that can handle threads,
then perhaps you can find something that I have forgotten.
I am running this on Solaris 2.7 and am conscious that the problem might
be caused by 64/32 bit compiler issues, but I hope not.
Any help appreciated,
thanks
Mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: address@hidden
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- BAD: Key-authentication for %s failed,
Mark . Burgess <=