On 08/25/2013 02:17 PM, Martin Langhoff wrote:
On Sat, Aug 24, 2013 at 5:18 PM, Jakov Sosic wrote:
Only if you use autosign option. After the certificate is signed, agents
report certname and not hostname.
Well-behaved clients report certname. A malicious client could use one
cert, but report a different name. AIUI the puppet master checks the
certificate to allow connection, but uses the client-reported name to
pick the configuration served.
Hm, are you really sure about that? Can you demonstrate it?

I'm asking out of curiosity cause I've thought it can't be done.

Jakov Sosic

You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

Discussion Posts


Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 11 of 17 | next ›
Discussion Overview
grouppuppet-users @
postedAug 23, '13 at 4:03p
activeAug 30, '13 at 1:28p



site design / logo © 2021 Grokbase