On 08/25/2013 02:17 PM, Martin Langhoff wrote:
On Sat, Aug 24, 2013 at 5:18 PM, Jakov Sosic <[email protected]> wrote:
Only if you use autosign option. After the certificate is signed, agents
report certname and not hostname.
Well-behaved clients report certname. A malicious client could use one
cert, but report a different name. AIUI the puppet master checks the
certificate to allow connection, but uses the client-reported name to
pick the configuration served.
Hm, are you really sure about that? Can you demonstrate it?
I'm asking out of curiosity cause I've thought it can't be done.
--
Jakov Sosic
www.srce.unizg.hr
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
