On Tuesday, June 18, 2013 5:36:30 AM UTC-7, Erik Dalén wrote: > Seems like a decent alternative would be to just have a second > webservice/on top of puppet that allows agents to authenticate with their > kerberos token and authorize their SSL certificate request that way. That > should be fairly easy to build with just some fiddling with mod auth kerb, > apache configs and puppet auth.conf. > > In our case the obvious external certificate signing service would be Microsoft Certificate Services. However if we can pull off Kerberos authentication then we do not need to deploy and maintain that service.
-- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-dev. For more options, visit https://groups.google.com/groups/opt_out.
