Issue #1940 has been updated by Nigel Kersten.
Trevor, I was actually looking at replacing SSL certs with Kerberos, and there's some misconceptions here. Kerberos principals can also be used to encrypt data and to authenticate. The only meaningful difference is that SSL uses public key cryptography, whereas Kerberos uses a trusted 3rd party. For many organizations, distribution of Kerb principals is a solved problem. It's something that is tightly integrated with many directory service deployments. Unfortunately it looks like the Ruby Kerberos bindings are non functional and unloved right now, so it's not really an option, but I think allowing us to write our own modular systems to replace SSL certs would be immensely useful. ---------------------------------------- Feature #1940: puppet have more modular security interfaces http://projects.puppetlabs.com/issues/1940 Author: Steven Jenkins Status: Accepted Priority: Low Assigned to: Category: Target version: Affected version: 0.24.7 Keywords: Branch: Instead of relying on only SSL, it would be useful for Puppet to leverage other systems like: - Kerberos - LDAP This would allow Puppet to more cleanly integrate with an infrastructure's existing security mechanisms. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
