On 1/23/2013 12:22 PM, Jist Anidiot wrote:
On Tuesday, January 22, 2013 4:04:22 PM UTC-5, jcbollinger wrote:You are correct that that only the identity of the client node is authenticated by Puppet, and even that only insomuch as the client can be relied upon to protect its SSL certificate. The $hostname fact cannot be relied upon to convey that information, as it doesn't in any sense need to be the same thing; you're looking for $certname. It is, however, $certname (not $hostname) by which a node block is selected and/or an ENC queried, so Puppet's architectural foundation is secure in that regard. Do you mean the $clientcert variable which is described at http://docs.puppetlabs.com/guides/faq.html#are-there-variables-available-other-than-those-provided-by-facter I don't seem to have a $certname variable (I'm using puppet 3). Thanks in advance.
You would set certname = some.host.example.com in puppet.conf or use --certname some.host.example.com on the command line else certname defaults to nodename which defaults to fqdn. However clientcert is the resulting fact you would access within Puppet.
Ramin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
