Re: cmclconfd running with weak security (identd disabled)

Carme Torca · ‎12-11-2006

Hi,

Last day I reboot this server. It has on the /etc/inetd.conf

hacl-cfg dgram udp wait root /usr/lbin/cmclconfd cmclconfd -p
hacl-cfg stream tcp nowait root /usr/lbin/cmclconfd cmclconfd -c -i

but there are a lot of messages at the syslog.log about "cmclconfd running with weak security (identd disabled)". Before the reboot only one message was out, but now every minute outs this messages.

Could anyone help me?

Thanks a lot of
Carmen.

Dec 11 16:48:17 sapcsp0 cmclconfd[8625]: cmclconfd running with weak security (identd disabled)

Dec 11 16:48:17 sapcsp0 cmclconfd[8627]: cmclconfd running with weak security (identd disabled)

Users are not too bad ;-)

Peter Godron · ‎12-11-2006

Carmen,
have you applied all recent patches ?
What version are you running ?

Possible patches:
PHSS_31075
PHSS_32731

Also:
http://docs.hp.com/en/B9903-90048/ch01s05.html

"JAGaf55446: Setting cmclconfd -i in inetd.conf results in too many messages in syslog

What is the problem? Setting cmclconfd -i sets Serviceguard in â weak securityâ mode. This results in messages in the syslog of the form â cmclconfd[27694]: cmclconfd running with weak security (identd disabled)â . This is logged any time cmclconfd daemon is started.

What is the workaround? There is no workaround at this time."

Carme Torca · ‎12-11-2006

Hi,

The server hasn't got this patxes. The Service Guard's version is A.11.16.00.

I only want to know if its normal that appears a lot of messages at the syslog.log about that, because before the reboot they only appers one time.

Thanks,
Carmen.

Users are not too bad ;-)

Peter Godron · ‎12-11-2006

Hi,
my understanding is that these are Warning messages. The patches (or equivalent for your level of OS) may stop the messages coming through.

Also, the last link I gave to the doc, is actually for Linux, but probably still true for HP.

So, if you get annoyed by the messages, I would look at the patch database, otherwise I would ignore.

Carme Torca · ‎12-11-2006

If you can see if there are more patches, I'll thanks you!!,

Users are not too bad ;-)

Stephen Doud · ‎12-12-2006

The syslog messages occur whenever the hacl-cfg ports are being 'tickled' either by Serviceguard commands or external queries, or port scanners.
Seeing several of them may indicate a run-away Serviceguard command, such as cmgetconf.

I recommend configuring your servers to avoid having to rely on the '-i' option in /etc/inetd.conf: hacl-cfg ... cmclconfd -c -i

Doing so will eliminate the "weak security" messages altogether.

Peter Godron · ‎12-13-2006

Carmen,
can't find any specific patches for this, so can you implement Stephen's solution.

If this resolves your problem, please award points, summarise the solution and close the thread.

Doing this will help other people resolve similar problem.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: cmclconfd running with weak security (identd disabled)

cmclconfd running with weak security (identd disabled)