Issue #10046 has been updated by Nick Fagerlund.

Also, remember that these default settings live in two places: the example auth.conf, and the `DEFAULT_ACL` array in `lib/puppet/network/rest_authconfig.rb`. The rules in `rest_authconfig` take effect if auth.conf is missing. (Actually, they always take effect, but they're chronologically last in the ACL chain, so any rule in auth.conf that matches the same set of requests as a default rule will effectively override that default rule.)

----------------------------------------
Feature #10046: auth.conf defaults should be updated to allow authorized access to certificate interfaces:
https://projects.puppetlabs.com/issues/10046

Author: Dan Bode
Status: Unreviewed
Priority: Normal
Assignee:
Category:
Target version:
Affected Puppet version:
Keywords:
Branch:

The below settings are currently specified as the defaults in conf/auth.conf

<pre>
path /certificate/ca
auth no
method find
allow *

path /certificate/
auth no
method find
allow *

path /certificate_request
auth no
method find, save
allow *
</pre>

I think that we should change 'auth no' to 'auth any' (allowing both authenticated and unauthenticated nodes access to these interfaces).

I can't actually think of any reason that we would want to allow unauthenticated hosts and not authenticated hosts access to these endpoints.

Setting any by default makes remote certificate management easier by default.
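
A simplified model of the rule ordering and `auth` matching discussed in this thread, added here as an illustration; it is not Puppet's code. The `Rule` struct, the `decide` helper and the node name `ca-admin.example.com` are assumptions, and the rule sets are constructed from the three defaults quoted in the issue.

```ruby
# Simplified model of ordered, first-match ACL evaluation (not Puppet's code).
Rule = Struct.new(:path, :auth, :methods, :allow, :origin)

# Constructed rule set: the three defaults quoted in the issue, built with
# either the shipped value (:no) or the proposed value (:any).
def certificate_defaults(auth)
  [
    Rule.new("/certificate/ca",      auth, [:find],        "*", :default),
    Rule.new("/certificate/",        auth, [:find],        "*", :default),
    Rule.new("/certificate_request", auth, [:find, :save], "*", :default),
  ]
end

# A rule applies only if path prefix, method and authentication state all fit.
def applies?(rule, req)
  return false unless req[:path].start_with?(rule.path)
  return false unless rule.methods.include?(req[:method])
  case rule.auth
  when :any then true
  when :yes then req[:authenticated] == true
  when :no  then req[:authenticated] == false
  else false
  end
end

# auth.conf rules are checked first and the defaults are appended last, so an
# auth.conf rule covering the same requests decides before a default is reached.
def decide(auth_conf_rules, defaults, req)
  rule = (auth_conf_rules + defaults).find { |r| applies?(r, req) }
  return [:deny, :no_rule] unless rule
  allowed = rule.allow == "*" || rule.allow == req[:node]
  [allowed ? :allow : :deny, rule.origin]
end

# Constructed request: an agent that already holds a certificate fetches the CA cert.
authed_find = { path: "/certificate/ca", method: :find, authenticated: true,
                node: "agent1.example.com" }
p decide([], certificate_defaults(:no),  authed_find)  # no default applies
p decide([], certificate_defaults(:any), authed_find)  # default applies

# Hypothetical auth.conf rule restricting certificate requests to one node.
override = Rule.new("/certificate_request", :any, [:find, :save],
                    "ca-admin.example.com", :auth_conf)
unauth_save = { path: "/certificate_request/agent2.example.com", method: :save,
                authenticated: false, node: nil }
p decide([override], certificate_defaults(:any), unauth_save)
```

In this model an authenticated request falls through every `auth no` rule and ends at the implicit deny, which is the asymmetry the issue describes; the last call shows an auth.conf rule deciding a request before the default for the same path is consulted.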
