On Tue, Apr 26, 2011 at 4:10 AM, Matt Wise <[email protected]> wrote:
> > I'd like to have our nodes able to do this ONCE ... only when they generate > their CSR. After that, I'd like their 'base_class' to be embedded in the CSR > (And subsequently the CERT), so that a client cannot later change its mind > about what kind of host it is. Are you primarily concerned with clients using the correct class by default or protecting information in classes so that only specific hosts can access it? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
