mjz, thanks for all of your work on this! This is really cool. I glanced at your changes and noticed that it is turning into a shotgun across the codebase. I'm wondering if there is some sort of "generic auth/authz" api that puppet could have around kerberos/spnego and x.509 certs. Obviously the command line utilities will need to exist for managing certs, but maybe internal to the code there are some clearer separations that could be made. The idea of a certificate shows up all over the place in puppet and with kerberos it probably shouldn't. Or at least it shouldn't show up in the same form.
On Tue, Aug 6, 2013 at 3:31 PM, <[email protected]> wrote: > Back in June I started working on Kerberos agent authentication. We > discussed this here: > https://groups.google.com/d/topic/puppet-dev/IQhPnvBgfaE/discussion > > I was pulled away from this work for the bulk of July, but have been able > to get back to it over the last week. > > I now have a very early draft of an armature here: > https://github.com/mzeren-vmw/armatures/commits/kerberos/prototype01 > > And two *prototype* patches for agent and master changes here: > https://github.com/mzeren-vmw/puppet/commits/kerberos/prototype01 > > These documents and changes should be useful for further discussion. > Please note that the patches are not intended to be submission quality, but > rather to outline the scope and nature of the necessary changes. That said > I would be happy to get implementation suggestions and style corrections > etc. > > I have only a few full time days left on this project, but hope to > continue to evolve it after hours over the coming weeks. > > mjz > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/puppet-dev. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- Andrew Parker [email protected] Freenode: zaphod42 Twitter: @aparker42 Software Developer *Join us at PuppetConf 2013, August 22-23 in San Francisco - * http://bit.ly/pupconf13* **Register now and take advantage of the Final Countdown discount - save 15%!* -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-dev. For more options, visit https://groups.google.com/groups/opt_out.
