On Mar 5, 2011, at 12:32 PM, James Turnbull wrote:
> puppet.conf:
> [roles]
> admin=APIkey
> ...
> auth.conf:
> allow admin
I agree that this seems like a step up from host-based auth. I don't see how
it's role-based, aside from calling it a "role" in puppet.conf. No, I take
that back. If th
Randall Hansen wrote:
>
> In that case, how do you revoke a user's role? Disabling the key would be
> like removing the role entirely, revoking access for everyone else with the
> key.
Or changing the key too. Not sure - that'd need some thought.
>
> What is the source of truth? If we stor