Issue #16001 has been reported by Gerard Hickey.

----------------------------------------
Feature #16001: Hook to authorize a cert to be signed
https://projects.puppetlabs.com/issues/16001

Author: Gerard Hickey
Status: Unreviewed
Priority: Normal
Assignee: 
Category: server
Target version: 
Affected Puppet version: 
Keywords: 
Branch: 


Using autosign.conf is not granular enough (and open to spoofing). 

This feature request proposes extending autosign.conf to allow an external 
script to be called to authorize the signing of the certificate. I propose 
extending autosign.conf with the following syntax. 

     exec CMD [ARG....]

The CMD would be called for each signing request and return either 'NO' or 
'YES'. There should probably be a way to support setting a timeout value for 
the command execution (in case there is an application where the database calls 
take a long time to come back). 

It may also be nice to have a "ruby" directive to execute Ruby code directly 
without incurring the cost of having to spawn another process. But given the 
number of times it would get called and the frequency, the general purpose exec 
directive would work well enough. 


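A sketch of how an evaluator for the proposed `exec CMD [ARG...]` directive could fail closed on timeouts, errors and unexpected output. It is added here as an example and is not Puppet code or part of the original report. The function names, passing the certname as the final argument, and requiring every hook to answer YES are assumptions the request does not specify.

```ruby
require 'open3'
require 'shellwords'
require 'timeout'

# Return the argv of every proposed "exec CMD [ARG...]" line in autosign.conf text.
def exec_directives(conf_text)
  conf_text.each_line.map(&:strip)
           .select { |line| line.start_with?('exec ') }
           .map { |line| Shellwords.split(line).drop(1) }
end

# Run one hook with the requested certname appended as the final argument
# (assumption: the request does not say how the hook receives the request).
# Fails closed: only exit status 0 plus the exact output YES authorizes.
def hook_allows?(argv, certname, timeout_s)
  # Multi-argument form: no shell ever parses the client-chosen certname.
  Open3.popen2(*argv, certname) do |stdin, stdout, wait_thr|
    stdin.close
    begin
      Timeout.timeout(timeout_s) do
        answer = stdout.read.strip
        return wait_thr.value.success? && answer == 'YES'
      end
    rescue Timeout::Error
      Process.kill('KILL', wait_thr.pid) # hung hook: stop it and deny
      return false
    end
  end
rescue SystemCallError # hook missing, not executable, or already gone: deny
  false
end

# Assumption: with several exec lines, every hook must answer YES.
def authorized?(conf_text, certname, timeout_s: 5)
  hooks = exec_directives(conf_text)
  !hooks.empty? && hooks.all? { |argv| hook_allows?(argv, certname, timeout_s) }
end

# Constructed sample: a stand-in hook that approves exactly one certname.
SAMPLE_CONF = <<~'CONF'
  exec sh -c '[ "$1" = web01.example.com ] && echo YES || echo NO' hook
CONF
```

In a real deployment the stand-in `sh -c` hook would be replaced by a script that checks the certname against an inventory or provisioning database.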