Client / Server communication issues
Nathanael D. Noblet
nathanael at gnat.ca
Mon Nov 25 23:03:52 CET 2013
Hello,

So I've continued the last few days trying to get a dracut module
working with mandos. I've run into a couple of issues.

#1 - It seems the mandos client never stops trying to communicate
with a server. There seem to be only two ways for the client to end
communications - receiving a SIGTERM or getting the password. It would
seem good if we could ask the client to cease communicating after a
certain number of attempts. The current dracut crypt module passes a
number of tries for both the plymouth and consoles. One thing to note:
this applies more to the long term servers like CentOS and friends. As
such I've created a patch as a proof of concept. I actually haven't
tested it because I'm getting stuck on the issue below. However, for
dracut it might be nice to die after a configurable number of tries.

#2 - I seem to have TLS handshake issues depending on what
client/server is being used. Originally I thought I had everything fixed
by removing some of the lines in the default priority on the server so
that it was only SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP. This seemed to
allow an Ubuntu client to talk to a Fedora server. The same server has a
handshake issue when a CentOS client tries talking to it. The client is
running 1.6.2. Oddly enough that very same client can successfully talk
to a CentOS server. Everything is running 1.6.2 except for Ubuntu which
has 1.6.0.

Server          Ubuntu(1.6.0)   CentOS(1.6.2)
F20(1.6.2)      Yes             No
CentOS(1.6.2)   Yes             Yes

Thoughts?

--
Nathanael d. Noblet
t 403.875.4613
-------------- next part --------------
A non-text attachment was scrubbed...
Name: quit-after-tries.diff
Type: text/x-patch
Size: 1578 bytes
Desc: not available
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20131125/b84692be/attachment.bin>