On 08/25/2013 02:17 PM, Martin Langhoff wrote:
On Sat, Aug 24, 2013 at 5:18 PM, Jakov Sosic <jso...@srce.hr> wrote:
Only if you use autosign option. After the certificate is signed, agents
report certname and not hostname.
Well-behaved clients report certname. A malicious client could use one
cert, but report a different name. AIUI the puppet master checks the
certificate to allow connection, but uses the client-reported name to
pick the configuration served.
Hm, are you really sure about that? Can you demonstrate it?
I'm asking out of curiosity cause I've thought it can't be done.
--
Jakov Sosic
www.srce.unizg.hr
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
