BAD: Key-authentication for %s failed

[Mark . Burgess]

cfengine-2.0.4a1.tar.gz is at ftp.iu.hio.no/pub/cfengine
--------------------------------------------------------

I would appreciate it if anyone has time to test out cfservd in
this version. I have been trying to solve the problem of messages
like this:

 cf:host: BAD: key could not be accepted on trust
 cf:host: Key-authentication for host.domain failed

 cf:host: BAD: Key-authentication for %s failed
 cf:host: Key-authentication for lux.iu.hio.no failed

that appear in the client, apparently at random. After a long time of
not being able to reproduce this problem, I have finally figured out
that it is coming from the server -- and that it has nothing at all to
do with public/private keys, encryption or anything of that
nature. The server typically complains with something like this:

 pthread_create failed
 create: Bad file number

 Couldn't find a public key (/var/cfengine/ppkeys/root-128.39.74.71.pub)
 open: Bad file number
 open: Bad address

This seems to come from some kind of memory corruption in the threads.
In this new release part of the problem has been solved: a misplaced
thread_mutex that could allow DNS reverse-lookup info to become
corrupt in concurrent threads. This would lead to some messages of this
type. 

However, although -- under stress -- the number of these occurrences seems
to be reduced in 2.0.4a1, the problem is not gone. It seems to occur
after about half a day here, all at once. i.e. something is triggering it,
and I have no explanation for it as yet.

The error messages reported by pthread_create() and fopen() do not
arise from those calls -- those calls do not return those errors
(e.g. bad address). This suggests to me that there is still a stack
problem with pthreads, but I am at a bit of a loss to explain it.

I would be very greatful if any of you feel like testing this new
cfservd. I have been running it for several days here and it performs
as well as earlier versions, so there are no additional risks to
running it compared to other versions.

If anyone has fancy memory software (purify etc) that can handle threads,
then perhaps you can find something that I have forgotten.

I am running this on Solaris 2.7 and am conscious that the problem might
be caused by 64/32 bit compiler issues, but I hope not.

Any help appreciated,
thanks
Mark

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  address@hidden
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~