Issue #7589 has been reported by John Morton.
----------------------------------------
Bug #7589: auth.conf and FQDNs ending in a dot
https://projects.puppetlabs.com/issues/7589
Author: John Morton
Status: Unreviewed
Priority: Normal
Assignee:
Category:
Target version:
Affected Puppet version:
Keywords:
Branch:
I like to use fully qualified domain names that include a trailing dot to avoid
search domain spoofing. This pretty much works everywhere, except using the
default auth.conf stanza for catalog access:
path ~ ^/catalog/([^/]+)$
method find
allow $1
The problem isn't the regexp — that works a treat — it appears to be in the
code that executes the allow statement. In spite of the output logs displaying
the FQDN with a dot, somewhere in the processing, the dot is stripped, and so
access is denied, eg:
Denying access: Forbidden request: hawea.bluewaternz.com.(192.168.2.51)
access to /catalog/hawea.bluewaternz.com. [find] authenticated at line 52
I've worked around the problem with this hack that allows both domain names,
but it's a bit of a hack:
path ~ ^/catalog/(([^/]+?)\.?)$
method find
allow $1, $2
More details on the dot:
http://dns-sd.org./TrailingDotsInDomainNames.html
http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/web-fully-qualified-domain-name.html
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
