On Wednesday, October 24, 2012 11:39:50 AM UTC-7, Jeff McCune wrote: > > > > Please note, I think Nick's original suggestion is slightly incorrect > because it should now contain the "allow *.example.com" statement, as > this would allow all agents who poses a signed certificate with a CN ending > in example.com, regardless of their IP address. >
Hmm, really? I thought shell-style globbing didn't work in auth.conf allow directives, or at least that's what I discovered way back in the day. When we added globbing in 2.7.1, we implemented it with regular expressions instead of shell-style globs (http://docs.puppetlabs.com/guides/rest_auth_conf.html#allow), hence the allow /^(.+\.)?example.com$/ line in my example. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ngv1CaHCZ98J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.