On Thu, Jun 14, 2012 at 10:19 AM, kai <kaiva...@gmail.com> wrote: > Puppet version: 2.7.14 > > Puppet master behind apache with mod_proxy load balancer. > I am able to authenticate with the cert as per these headers: > > Accept: s > X-SSL-Subject: /CN=puppetagent1.example.com > X-Client-DN: /CN=puppetagent1.example.com > X-Client-Verify: SUCCESS > > Any idea what this error means ?
It means the request isn't authorized. I think your problem is that the headers aren't matched up with the environment variables you're setting. In http://goo.gl/R4IoB you have this on the back end: SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1 But this doesn't match the header you're setting on the front end: RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e Making this match up should get you closer to your goal. -Jeff -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.