- Puppet 2.7 Cookbook
- John Arundel
- 168字
- 2021-04-02 18:19:57
Using autosign
In cryptography, as in life, you have to be careful what you sign. Normally, when you introduce a new client to the Puppetmaster, you need to generate a certificate request on the client, and then sign it on the master. However, you can skip this step by enabling autosigning.
How to do it...
Create the file /etc/puppet/autosign.conf
on the Puppetmaster with the following contents: *.example.com
How it works...
Puppet checks any incoming certificate requests to see if they match a line from autosign.conf
. Any certificate requests from clients with a hostname matching *.example.com
will be automatically signed by the Puppetmaster.
Tip
Important: This is a potential security problem, since it amounts to trusting any client that can connect to the Puppetmaster. For this reason, autosigning is not recommended. If you do use it, make sure that the Puppetmaster is protected by a firewall that allows only approved clients or IP ranges to connect. A more secure approach is pre-signing.
See also
- Pre-signing certificates in this chapter
- Google Web Toolkit 2 Application Development Cookbook
- 斯科特·凱爾比的零基礎攝影后期課 Lightroom數碼照片調修技法
- 平面設計綜合教程:Photoshop+Illustrator+CorelDRAW +InDesign(微課版)
- 新媒體美工一冊通(全彩)
- GlassFish Administration
- Capture One 22 Pro高級實戰教程
- 跨境電商:速賣通搜索排名規則解析與SEO技術
- 中文版3ds Max 2020基礎教程
- Photoshop CC中文版基礎教程
- 夢幻森林Procreate童話風插畫繪制專業技法
- MySQL for Python
- Photoshop CC 從入門到精通
- Mastercam軟件應用技術基礎(X2版)
- Python Geospatial Development
- Learn OpenOffice.org Spreadsheet Macro Programming: OOoBasic and Calc automation