On Feb 17, 2011, at 2:22 PM, Corey Osman wrote: > So if I want to control access I should do so within my webapp which > would only limit users based on the ACLs I setup. I'll give this a > try.
I'm definitely interested in the results of your experiment. > BTW, Who works at Tennessee Tech? I took a year of CS at TTU back in > 1998. I believe Steven Jenkins put that up, but I'm not positive. > On Feb 17, 1:59 pm, Luke Kanies <l...@puppetlabs.com> wrote: >> On Feb 17, 2011, at 11:42 AM, Corey Osman wrote: >> >> >> >> >> >>> Hi, >> >>> I am trying to use the puppet api to pull information from the >>> puppetmaster via a flash/flex application which runs inside the >>> browser. Because the code is written in flash/flex there is no >>> server side actions as its all done via the client browser. In order >>> for the client to access the data, its my understanding that the >>> puppetmaster has to have a signed certificate. So my question is how >>> to I get a properly signed certificate from puppetmaster to the >>> browser so that the browser can pull data? >> >>> To test this I try and retrieve information directly from the browser >>> by using >>> thehttps://puppetmaster:8140/production/catalog/puppetagent.domain.com >> >>> I get the following error after accepting the server certificate >> >>> error: >>> Forbidden request: 192.168.11.33 access to /puppetmaster/catalog/ >>> puppetagent.domain.com [find] at line 93 >> >>> I assume at this point the puppetmaster does not trust my browser >>> because the cert the browser is using has never been signed by >>> puppetmaster. Additionally, I don't even know what cert the browser >>> is using and where it is stored. >> >>> Any ideas? >> >>> I am using firefox on OS X. However, the client app could be on any >>> flash approved platform. >> >> You could actually allow unauthenticated access, and that's probably the >> best plan in this case. >> >> You can see from this example file: >> >> http://trac.cae.tntech.edu/infrastructure/browser/puppet/auth.conf >> >> It shouldn't be too hard to give direct access to certain calls, and some of >> them are pretty risk-free, such as browsing the resource types. >> >> -- >> Susskind's Rule of Thumb: >> Don't ask what they think. Ask what they do. >> --------------------------------------------------------------------- >> Luke Kanies -|- http://puppetlabs.com -|- +1(615)594-8199 > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To post to this group, send email to puppet-dev@googlegroups.com. > To unsubscribe from this group, send email to > puppet-dev+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-dev?hl=en. > -- The Internet, of course, is more than just a place to find pictures of people having sex with dogs. -- Time Magazine, 3 July 1995 --------------------------------------------------------------------- Luke Kanies -|- http://puppetlabs.com -|- +1(615)594-8199 -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to puppet-dev@googlegroups.com. To unsubscribe from this group, send email to puppet-dev+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
