On Wed, Oct 24, 2012 at 1:35 PM, Nick Fagerlund < [email protected]> wrote:
> > > On Wednesday, October 24, 2012 11:39:50 AM UTC-7, Jeff McCune wrote: >> >> >> >> Please note, I think Nick's original suggestion is slightly incorrect >> because it should now contain the "allow *.example.com" statement, as >> this would allow all agents who poses a signed certificate with a CN ending >> in example.com, regardless of their IP address. >> > > Hmm, really? I thought shell-style globbing didn't work in auth.conf > allow directives, or at least that's what I discovered way back in the day. > When we added globbing in 2.7.1, we implemented it with regular expressions > instead of shell-style globs ( > http://docs.puppetlabs.com/guides/rest_auth_conf.html#allow), hence the > allow /^(.+\.)?example.com$/ line in my example. > Right, sorry. The rules you posted are OK, it just took me a minute to grok them. -Jeff -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
