Issue #7014 has been updated by Daniel Pittman.
Nick Fagerlund wrote: > No, this is actually even better: @ signs are totally okay in node certnames, > **as long as the certname doesn't also have a period in it.** So barn2@magpie > is fine and can fetch catalogs, but [email protected] will fail. Wow, that stuff is crazy. Long term we should support the CN/DN content of certificates properly, which means "as a DNS label for DNS entries", as email for email, etc, etc. In the immediate term I would support rejecting these for the sake of our sanity. ---------------------------------------- Bug #7014: certnames with @ symbols don't pass through auth.conf https://projects.puppetlabs.com/issues/7014#change-54621 Author: Matt Robinson Status: Accepted Priority: Normal Assignee: Category: security Target version: Affected Puppet version: Keywords: Branch: In lib/puppet/network/authstore.rb line 242ish a case statement deals with certnames with @ symbols in way that makes it so that they'll never match auth.conf rules for hosts. The easy workaround is, of course, not to use certnames with at symbols. We really ought to stop conflating host, name and certname in this area of code also, because it makes it REALLY hard to read. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
