Using autosign

In cryptography, as in life, you have to be careful what you sign. Normally, when you introduce a new client to the Puppetmaster, you need to generate a certificate request on the client, and then sign it on the master. However, you can skip this step by enabling autosigning.

How to do it...

Create the file /etc/puppet/autosign.conf on the Puppetmaster with the following contents:

    *.example.com

How it works...

Puppet checks any incoming certificate requests to see if they match a line from autosign.conf. Any certificate requests from clients with a hostname matching *.example.com will be automatically signed by the Puppetmaster.

Tip

Important: This is a potential security problem, since it amounts to trusting any client that can connect to the Puppetmaster. For this reason, autosigning is not recommended. If you do use it, make sure that the Puppetmaster is protected by a firewall that allows only approved clients or IP ranges to connect. A more secure approach is pre-signing.
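To see how much a given autosign.conf actually trusts, the following added example (not code from the book or from Puppet) audits a file against a list of requested certnames and lists the wildcard entries worth reviewing. It assumes Puppet's documented domain-glob rule, where a leading `*` stands for one or more subdomain labels, and that blank lines and `#` comments are skipped; the method names and sample data are hypothetical.

```ruby
# Added example: models autosign.conf matching for auditing. Not Puppet's code;
# all method names here are hypothetical.

# Return the entries of an autosign.conf, skipping blank lines and # comments
# (assumption: that is how the file is read).
def parse_autosign(text)
  text.each_line.map(&:strip).reject { |l| l.empty? || l.start_with?('#') }
end

# Does one entry cover this certname? A leading "*." stands for one or more
# labels in front of the suffix; any other entry must match exactly.
def entry_matches?(entry, certname)
  return entry == certname unless entry.start_with?('*.')
  suffix = entry[1..-1] # "*.example.com" -> ".example.com"
  return false unless certname.end_with?(suffix)
  prefix = certname[0...-suffix.length]
  !prefix.empty? && prefix.split('.', -1).none?(&:empty?)
end

# Map each requested certname to the entry that would auto-sign it, or nil.
def audit(conf_text, certnames)
  entries = parse_autosign(conf_text)
  certnames.map { |n| [n, entries.find { |e| entry_matches?(e, n) }] }.to_h
end

# Entries that trust a whole domain rather than one named host.
def wildcard_entries(conf_text)
  parse_autosign(conf_text).select { |e| e.start_with?('*') }
end

# Constructed sample file and certificate request names.
SAMPLE_CONF = <<~CONF
  # web tier
  *.example.com
  db01.internal.test
CONF
SAMPLE_REQUESTS = %w[web1.example.com a.b.example.com example.com
                     web1.example.org db01.internal.test].freeze

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_CONF, SAMPLE_REQUESTS).each do |name, entry|
    puts format('%-20s %s', name, entry ? "auto-signed by #{entry}" : 'manual signing')
  end
  puts "wildcard entries to review: #{wildcard_entries(SAMPLE_CONF).join(', ')}"
end
```

Each wildcard entry it reports is a candidate for replacement with exact hostnames or with pre-signing.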

See also

  • Pre-signing certificates in this chapter