So if I want to control access I should do so within my webapp which would only limit users based on the ACLs I setup. I'll give this a try.
BTW, Who works at Tennessee Tech? I took a year of CS at TTU back in 1998. On Feb 17, 1:59 pm, Luke Kanies <l...@puppetlabs.com> wrote: > On Feb 17, 2011, at 11:42 AM, Corey Osman wrote: > > > > > > > Hi, > > > I am trying to use the puppet api to pull information from the > > puppetmaster via a flash/flex application which runs inside the > > browser. Because the code is written in flash/flex there is no > > server side actions as its all done via the client browser. In order > > for the client to access the data, its my understanding that the > > puppetmaster has to have a signed certificate. So my question is how > > to I get a properly signed certificate from puppetmaster to the > > browser so that the browser can pull data? > > > To test this I try and retrieve information directly from the browser > > by using > > thehttps://puppetmaster:8140/production/catalog/puppetagent.domain.com > > > I get the following error after accepting the server certificate > > > error: > > Forbidden request: 192.168.11.33 access to /puppetmaster/catalog/ > > puppetagent.domain.com [find] at line 93 > > > I assume at this point the puppetmaster does not trust my browser > > because the cert the browser is using has never been signed by > > puppetmaster. Additionally, I don't even know what cert the browser > > is using and where it is stored. > > > Any ideas? > > > I am using firefox on OS X. However, the client app could be on any > > flash approved platform. > > You could actually allow unauthenticated access, and that's probably the best > plan in this case. > > You can see from this example file: > > http://trac.cae.tntech.edu/infrastructure/browser/puppet/auth.conf > > It shouldn't be too hard to give direct access to certain calls, and some of > them are pretty risk-free, such as browsing the resource types. > > -- > Susskind's Rule of Thumb: > Don't ask what they think. Ask what they do. > --------------------------------------------------------------------- > Luke Kanies -|- http://puppetlabs.com -|- +1(615)594-8199 -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to puppet-dev@googlegroups.com. To unsubscribe from this group, send email to puppet-dev+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.