On Nov 10, 7:42 pm, Derek J. Balling <dr...@megacity.org> wrote: > Has anyone had any luck in actually disabling certificates entirely. Just > trust the hostname you get from DNS and treat that info as authoritative. > > I'm in the Puppet BoF @ LISA, and (essentially) was told that's never going > to happen, even though I have *no* need for the security that the > certificates theoretically provide and they get in my way far more often than > any alleged "help". > > Has anyone managed to just obliterate the whole certificate-nightmare from > Puppet? Is there anyone else who thinks they add way more complications than > they are worth? >
Derek, >From your comment in #3958 I think autosign[1] with "*.domain.tld" would work for you. There are more complicated methods of supporting transient hosts, such as in "the cloud", where not even the hostname is consistent. I suspect that may be more work than you're looking for. [1] http://projects.puppetlabs.com/projects/puppet/wiki/Certificates_And_Security -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
