On Thu, 2007-05-03 at 09:32 +0200, Tim Lauridsen wrote: > I got the following patches from Eric J. Barkie. > > Purpose: > The main purpose of the client-side certificate patch is for restricting > access to repositories when dealing with licensed RPMS/distributions, > ie: RHEL. The typical use would be to generate a CA and then with that > CA issue a certificate to each machine that will be running yum. The > main repository would be hosted with Apache under mod_ssl with the > SSLCACertificateFile set to your CA and SSLVerifyClient set to > "require". By doing this Apache takes care of the authentication and we > can ensure that the yum repository can only be accessed by the intended > clients. > > Take a look and let me know what you think. >
I like this. I'm kinda curious if the cert-exchange is the same one puppet uses to figure out which machine is asking for access on client requests. -sv _______________________________________________ Yum-devel mailing list [email protected] https://lists.dulug.duke.edu/mailman/listinfo/yum-devel
