Also by ensuring the client private key has similar permissions.
plugin.ssl_client_private in client.cfg if 'securityprovider = ssl' is set.
Possibly also plugin.activemq.pool.1.ssl.key.
The other certificates should not be writable by non-authorized users as
well.
On Tue, Jun 21, 2016 at 2:42
Thanks Michael!
I understand the inter-node security. I'm trying to answer our internal
security folks about how execution of mco commands is restricted on a
(authorized) node to root or authorized users. It appeared to me that this
was accomplished by having the config files be 600.
On Tue, Jun
There is a section of PE docs that talks about MCollective security as
setup by PE (
https://docs.puppet.com/pe/latest/orchestration_overview.html#security), as
well as points to security notes in the OSS MCollective docs.
In short, having the contents of the config files is sufficient to connect
And for everyone who is wondering what bugs; I'm unintentionally cross posting
so that's really just for Geoffery
> On Jun 21, 2016, at 16:20, Shawn Ferry wrote:
>
> Did you see the recent spate of mcollective bugs that were just filed?
>
> On of them does talk a
Did you see the recent spate of mcollective bugs that were just filed?
On of them does talk a about file perms iirc
Shawn
> On Jun 21, 2016, at 16:06, Geoffrey Gardella wrote:
>
> Hi All,
> working on our port of MCollective into Solaris. I wanted to confirm that we
>