Issue #7589 has been updated by James Turnbull.

Status changed from Accepted to Needs More Information
Assignee set to John Morton

John - what is the affected version of this?
----------------------------------------
Bug #7589: auth.conf and FQDNs ending in a dot
https://projects.puppetlabs.com/issues/7589

Author: John Morton
Status: Needs More Information
Priority: Normal
Assignee: John Morton
Category: 
Target version: 2.7.x
Affected Puppet version: 
Keywords: 
Branch: 


I like to use fully qualified domain names that include a trailing dot to avoid 
search domain spoofing. This pretty much works everywhere, except using the 
default auth.conf stanza for catalog access:

    path ~ ^/catalog/([^/]+)$
    method find
    allow $1
    
The problem isn't the regexp — that works a treat — it appears to be in the 
code that executes the allow statement. In spite of the output logs displaying 
the FQDN with a dot, somewhere in the processing, the dot is stripped, and so 
access is denied, eg:

    Denying access: Forbidden request: hawea.bluewaternz.com.(192.168.2.51) 
access to /catalog/hawea.bluewaternz.com. [find] authenticated  at line 52

I've worked around the problem with this hack that allows both domain names, 
but it's a bit of a hack:

    path ~ ^/catalog/(([^/]+?)\.?)$
    method find
    allow $1, $2
    
More details on the dot:

http://dns-sd.org./TrailingDotsInDomainNames.html
http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/web-fully-qualified-domain-name.html



-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.

Reply via email to