From d2884184607fed7785f37634f621b8288a3a106d Mon Sep 17 00:00:00 2001 From: Sol Jerome Date: Thu, 4 Feb 2010 21:55:16 +0000 Subject: SSL fingerprint is deprecated Removing all references to the old method of using fingerprints to verify the server you are communicating with. The new way to do this is to use the 'ca' option in bcfg2.conf along with the bcfg2 server's CA certificate. Signed-off-by: Sol Jerome git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5712 ce84e21b-d406-0410-9b95-82705330c041 --- doc/authentication.txt | 5 +---- doc/client/tools/yumng.txt | 1 - doc/quickstart/centos.txt | 3 --- examples/TGenshi/tmp/bar/template.txt | 1 - man/bcfg2.1 | 3 --- src/lib/Options.py | 3 --- 6 files changed, 1 insertion(+), 15 deletions(-) diff --git a/doc/authentication.txt b/doc/authentication.txt index ae585da5b..a7baa78d2 100644 --- a/doc/authentication.txt +++ b/doc/authentication.txt @@ -45,16 +45,13 @@ bcfg2.conf from the per-client metadata:: #else password = my-password-foobat #endif - fingerprint = d8b7423da5d8ccd0f3db29742fc8eed00b9d0848 [components] bcfg2 = https://localhost:6789 In this setup, this will cause any clients that have uuids established to be set to use them in bcfg2.conf. It will also cause any clients -with passwords set to use them instead of the global password. The -fingerprint needs to be manually set, per-server, using the output of -"bcfg2-admin fingerprint". +with passwords set to use them instead of the global password. How Authentication Works ======================== diff --git a/doc/client/tools/yumng.txt b/doc/client/tools/yumng.txt index cb749ba7f..178bba6ec 100644 --- a/doc/client/tools/yumng.txt +++ b/doc/client/tools/yumng.txt @@ -136,7 +136,6 @@ A number of paramters can be set in the client configuration for both the RPMng protocol = xmlrpc/ssl password = xxxxxx user = yyyyyyy - fingerprint = 1234567890abcdef [components] bcfg2 = https://bcfg2:6789 diff --git a/doc/quickstart/centos.txt b/doc/quickstart/centos.txt index d8668f0e2..4dfa70523 100644 --- a/doc/quickstart/centos.txt +++ b/doc/quickstart/centos.txt @@ -367,7 +367,6 @@ Generate Pkgmgr listing Now when we run bcfg2, we see Correct entries:: [root@centos ~]# bcfg2 -vqn - no server x509 fingerprint; no server verification performed! Loaded tool drivers: Action Chkconfig FreeBSDInit POSIX YUMng @@ -499,8 +498,6 @@ section of bcfg2.conf:: protocol = xmlrpc/ssl password = N41lMNeW key = /etc/bcfg2.key - # fingerprint of server (from bcfg2-admin fingerprint) - #fingerprint = [server fingerprint] [components] bcfg2 = https://centos:6789 diff --git a/examples/TGenshi/tmp/bar/template.txt b/examples/TGenshi/tmp/bar/template.txt index 3e43340fe..dbf482c22 100644 --- a/examples/TGenshi/tmp/bar/template.txt +++ b/examples/TGenshi/tmp/bar/template.txt @@ -11,7 +11,6 @@ password = $metadata.password password = GlobalPassword #end #end -fingerprint = ac152f42f03253a30d3379dea88eddf2be033d47 [client] drivers = Action,Chkconfig,POSIX,YUMng diff --git a/man/bcfg2.1 b/man/bcfg2.1 index 582cfe34d..91e8c96ed 100644 --- a/man/bcfg2.1 +++ b/man/bcfg2.1 @@ -31,9 +31,6 @@ verify/install ConfigFiles, etc) .BR "\-E " Specify the encoding of Cfg files. .TP -.BR "\-F " -Specify the server fingerprint. -.TP .BR "\-I" Run bcfg2 in interactive mode. The user will be prompted before each change. diff --git a/src/lib/Options.py b/src/lib/Options.py index a983e8827..c67fde910 100644 --- a/src/lib/Options.py +++ b/src/lib/Options.py @@ -274,9 +274,6 @@ CLIENT_DLIST = Option('run client in server decision list mode', default=False, cmd='-l', odesc='') CLIENT_FILE = Option('configure from a file rather than querying the server', default=False, cmd='-f', odesc='') -SERVER_FINGERPRINT = Option('Server Fingerprint', default=[], cmd='-F', - cf=('communication', 'fingerprint'), - odesc='', cook=flist_split) CLIENT_QUICK = Option('disable some checksum verification', default=False, cmd='-q', ) CLIENT_USER = Option('the user to provide for authentication', default='root', -- cgit v1.2.3-1-g7c22