Issue #16001 has been updated by eric sorenson. Status changed from Unreviewed to Duplicate
Duplicate of an earlier ticket, see the conversation there. #7244. ---------------------------------------- Feature #16001: Hook to authorize a cert to be signed https://projects.puppetlabs.com/issues/16001#change-69272 Author: Gerard Hickey Status: Duplicate Priority: Normal Assignee: Category: server Target version: Affected Puppet version: Keywords: Branch: Using autosign.conf is not granular enough (and open to spoofing). This feature request proposes extending autosign.conf to allow an external script to be called to authorize the signing of the certificate. I propose extending autosign.conf with the following syntax. exec CMD [ARG....] The CMD would be called for each signing request and return either 'NO' or 'YES'. There should probably be a way to support setting a timeout value for the command execution (in case there is an application where the database calls take a long time to come back). It may also be nice to have a "ruby" directive to execute ruby code directly without incurring the cost of having to spawn another process. But given the number of times it would get called and the frequency the general purpose exec directive would work well enough. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
