On 22.1.2013 23:04, jcbollinger wrote: > You are correct that that only the identity of the client node is > authenticated by Puppet, and even that only insomuch as the client can > be relied upon to protect its SSL certificate. The $hostname fact > cannot be relied upon to convey that information, as it doesn't in any > sense need to be the same thing; you're looking for $certname. It is, > however, $certname (not $hostname) by which a node block is selected > and/or an ENC queried, so Puppet's architectural foundation is secure in > that regard. > > You are also right that a compromised client can, in principle, falsify > the fact values presented to the master in an attempt to make it divulge > secret information. Whether the master might actually divulge anything > is a function of the manifests with which site administration has > configured it. In other words, that's a question of how Puppet is used, > not of the fundamental security of Puppet itself. > > To the extent that you want to record server-side node data, I think > hiera is the way to go. I prefer that to encoding data in an ENC or in > your manifests, but those are some of the other options. All of those > are secure to the extent that the master itself is secure, though I > wouldn't say that any of them were designed specifically as a secure > alternative to node facts.
Hello, Yes, I agree it is a problem of the usage, rather than puppet itself. Thanks for the confirmation! Best regards, Boyan
signature.asc
Description: OpenPGP digital signature