Hi, i've got a strange problem with my server-side /etc/puppet/auth.conf. The auth.conf is out-of-the-box, so the cert stuff looks basically like this:
# allow access to the CA certificate; unauthenticated nodes need this # in order to validate the puppet master's certificate path /certificate/ca auth any method find allow * # allow nodes to retrieve the certificate they requested earlier path /certificate/ auth any method find allow * # allow nodes to request a new certificate path /certificate_request auth any method find, save allow * # deny everything else; this ACL is not strictly necessary, but # illustrates the default policy. path / auth any Now, when a client connects to the server (for the first time, so it shoud be the cert request), I get "400 permission denied" for all clients. Network connectivity works, no iptables, 8140 is open and when I relax my auth.conf to something like this: path / auth any allow * clients can register and everything works. Now, this is nothing I want to have in production :) a debug run with the master ( puppet master --no-daemonize --debug --trace --verbose) gives me a lot of information, but not what makes the master throw a permission denied. (and especially what rule in the auth.conf makes him do so...) Any idea what might be wrong here? Master is a 3.4.3. thanks & best regards, Björn -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/676b44f9-28aa-46c0-8472-dc66b1fa0cea%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
