FAQ
Puppet version: 2.7.14

Puppet master behind apache with mod_proxy load balancer.
I am able to authenticate with the cert as per these headers:

Accept: s
X-SSL-Subject: /CN=puppetagent1.example.com
X-Client-DN: /CN=puppetagent1.example.com
X-Client-Verify: SUCCESS

Any idea what this error means ?
I share my ssl dir on the load balancer and the puppet master.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/u_6qf0Q0LCkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

  • Jeff McCune at Jun 14, 2012 at 6:51 pm

    On Thu, Jun 14, 2012 at 10:19 AM, kai wrote:
    Puppet version: 2.7.14

    Puppet master behind apache with mod_proxy load balancer.
    I am able to authenticate with the cert as per these headers:

    Accept: s
    X-SSL-Subject: /CN=puppetagent1.example.com
    X-Client-DN: /CN=puppetagent1.example.com
    X-Client-Verify: SUCCESS

    Any idea what this error means ?
    It means the request isn't authorized.

    I think your problem is that the headers aren't matched up with the
    environment variables you're setting.

    In http://goo.gl/R4IoB you have this on the back end:

    SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1

    But this doesn't match the header you're setting on the front end:

    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e

    Making this match up should get you closer to your goal.

    -Jeff

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Kai at Jun 15, 2012 at 1:29 pm
    Thank you Jeff, this is exactly what the problem was. I replaced

    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY

    with

    ssl_client_verify_header = HTTP_X_CLIENT_VERIFY
    ssl_client_header = HTTP_X_CLIENT_DN

    and it worked. I was following the examples from the Pro Puppet book, but
    on different servers. Now it all works!
    On Thursday, June 14, 2012 12:19:20 PM UTC-5, kai wrote:

    Puppet version: 2.7.14

    Puppet master behind apache with mod_proxy load balancer.
    I am able to authenticate with the cert as per these headers:

    Accept: s
    X-SSL-Subject: /CN=puppetagent1.example.com
    X-Client-DN: /CN=puppetagent1.example.com
    X-Client-Verify: SUCCESS

    Any idea what this error means ?
    I share my ssl dir on the load balancer and the puppet master.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/FdAQcUzC6KQJ.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedJun 14, '12 at 5:19p
activeJun 15, '12 at 1:29p
posts3
users2
websitepuppetlabs.com

2 users in discussion

Kai: 2 posts Jeff McCune: 1 post

People

Translate

site design / logo © 2022 Grokbase