Issue #7589 has been updated by James Turnbull.

Status changed from Accepted to Needs More Information
Assignee set to John Morton

John - what is the affected version of this?

----------------------------------------
Bug #7589: auth.conf and FQDNs ending in a dot
https://projects.puppetlabs.com/issues/7589

Author: John Morton
Status: Needs More Information
Priority: Normal
Assignee: John Morton
Category:
Target version: 2.7.x
Affected Puppet version:
Keywords:
Branch:

I like to use fully qualified domain names that include a trailing dot to avoid search domain spoofing. This pretty much works everywhere, except using the default auth.conf stanza for catalog access:

    path ~ ^/catalog/([^/]+)$
    method find
    allow $1

The problem isn't the regexp — that works a treat — it appears to be in the code that executes the allow statement. In spite of the output logs displaying the FQDN with a dot, somewhere in the processing, the dot is stripped, and so access is denied, e.g.:

    Denying access: Forbidden request: hawea.bluewaternz.com.(192.168.2.51) access to /catalog/hawea.bluewaternz.com. [find] authenticated at line 52

I've worked around the problem with this hack that allows both domain names, but it's a bit of a hack:

    path ~ ^/catalog/(([^/]+?)\.?)$
    method find
    allow $1, $2

More details on the dot:

http://dns-sd.org./TrailingDotsInDomainNames.html
http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/web-fully-qualified-domain-name.html
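Added example, not part of the original report and not Puppet's own code: a Ruby sketch of what the two `path` patterns quoted in the report capture and which names `allow $1` and `allow $1, $2` expand to. The helper names (`allowed_names`, `permitted?`) and the exact-match comparison against the node name are assumptions made for illustration.

```ruby
# Illustration only: models the backreference expansion of an auth.conf
# "allow" line. How Puppet itself compares names is not modelled here; the
# exact string comparison in permitted? is an assumption.

# The two stanzas from the report, with the allow list as written there.
DEFAULT_STANZA    = { path: %r{^/catalog/([^/]+)$},       allow: ['$1'] }
WORKAROUND_STANZA = { path: %r{^/catalog/(([^/]+?)\.?)$}, allow: ['$1', '$2'] }

# Expand $N backreferences in the allow list using the request path match.
# Returns [] when the path pattern does not match at all.
def allowed_names(stanza, request_path)
  m = stanza[:path].match(request_path)
  return [] unless m

  stanza[:allow].map { |entry| entry.gsub(/\$(\d+)/) { m[$1.to_i].to_s } }.uniq
end

# Hypothetical check: node_name is whatever name the server ends up comparing
# (per the report, the trailing dot appears to be stripped before this point).
def permitted?(stanza, request_path, node_name)
  allowed_names(stanza, request_path).include?(node_name)
end

if __FILE__ == $PROGRAM_NAME
  path     = '/catalog/hawea.bluewaternz.com.' # request path from the report
  stripped = 'hawea.bluewaternz.com'           # same name without the dot

  [['default', DEFAULT_STANZA], ['workaround', WORKAROUND_STANZA]].each do |label, stanza|
    puts "#{label}: allow expands to #{allowed_names(stanza, path).inspect}, " \
         "permits #{stripped.inspect}? #{permitted?(stanza, path, stripped)}"
  end
end
```

The lazy `[^/]+?` followed by `\.?` is what makes `$2` the name without its final dot, and both captures remain tied to the name in the request path, so the workaround does not open the catalog to other node names.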
