CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: replication behind load balancer

> I added the opposite blade's IP address to the /etc/hosts file on each 
> blade.  Now, communication between cosignd processes is not crossing the 
> load balancer, so I think I am just dealing with cosign configuration 
> issues at this point.

Then why is it coming from the external IP, I wonder?  Is
cosignd/monster properly getting host=>ip lookups?  Too
many programs nowadays have a tendancy to be ignorant of
/etc/hosts entries and trust DNS regardless.  curl springs
to mind.  Quite annoying.

I'd to a 'tcpdump -s0 -i internal port 6663 -w tcpdump.out' on the BigIP
and see if your packets are hitting the BigIP, just to be sure.

> I get a "CHILD xxxxx talking to itself" error in the other host's 
> log file.

I don't yet have replication or multiple cosign daemons at all, and I
get this - is this expected?

Brian Hatch                  "Be liberal in what you
   Systems and                accept, and conservative
   Security Engineer          in what you send."     --RFC1123.  If only the
                              rest of the world agreed...
Every message PGP signed

Attachment: signature.asc
Description: Digital signature

Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010