Peter De Cleyn wrote: > Hi Derek, > > In our setup, the certificates pose also more problems than they add > functionality. I would love to hear of a solution to get rid of the > certificates, but until now I did not find or heard of any solution. > > Peter > On 11 Nov 2010, at 04:42, Derek J. Balling <dr...@megacity.org > <mailto:dr...@megacity.org>> wrote: > >> Has anyone had any luck in actually /disabling/ certificates entirely. >> Just trust the hostname you get from DNS and treat that info as >> authoritative. >> >> I'm in the Puppet BoF @ LISA, and (essentially) was told that's never >> going to happen, even though I have *no* need for the security that >> the certificates theoretically provide and they get in my way far more >> often than any alleged "help". >> >> Has anyone managed to just obliterate the whole certificate-nightmare >> from Puppet? Is there anyone else who thinks they add way more >> complications than they are worth?
For a lot of environments the security introduced with SSL is crucial to them using Puppet, for example there is no way a financial is going to run Puppet with appropriate encryption and authentication. That being said we have discussed alternative mechanisms - see http://projects.puppetlabs.com/issues/3958 for example - but this is not something we're currently actively pursuing. You're welcome to put your thoughts into that ticket or contact us directly if you'd like to pay us to develop the feature. Regards James -- Puppet Labs - http://www.puppetlabs.com C: 503-734-8571 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
