
  • Puppet 2.7 Cookbook
  • John Arundel
  • 168 words
  • 2021-04-02 18:19:57

Using autosign

In cryptography, as in life, you have to be careful what you sign. Normally, when you introduce a new client to the Puppetmaster, you need to generate a certificate request on the client, and then sign it on the master. However, you can skip this step by enabling autosigning.

How to do it...

Create the file /etc/puppet/autosign.conf on the Puppetmaster with the following contents:

    *.example.com

How it works...

Puppet checks any incoming certificate requests to see if they match a line from autosign.conf. Any certificate requests from clients with a hostname matching *.example.com will be automatically signed by the Puppetmaster.

Tip

Important: This is a potential security problem, since it amounts to trusting any client that can connect to the Puppetmaster. For this reason, autosigning is not recommended. If you do use it, make sure that the Puppetmaster is protected by a firewall that allows only approved clients or IP ranges to connect. A more secure approach is pre-signing.
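To see what an autosign.conf actually trusts before deploying it, the following audit sketch (an added example, not code from the book or from Puppet) lists the wildcard entries and reports which requested names would be signed without review. The matching rule is a simplified model assumed for illustration (exact names, plus a leading `*.` glob over subdomains); the function names, the `build01.example.net` entry, and the sample certnames are constructed.

```python
"""Audit sketch for autosign.conf entries (simplified matching model)."""

def parse_autosign(text):
    """Return the non-empty entries of an autosign.conf body, lowercased."""
    return [line.strip().lower() for line in text.splitlines() if line.strip()]

def matches(entry, certname):
    """Assumed model: exact name, or a leading '*.' glob over subdomains."""
    certname = certname.lower().rstrip(".")
    if entry.startswith("*."):
        suffix = entry[1:]  # "*.example.com" -> ".example.com"
        # Require at least one label in front of the suffix.
        return certname.endswith(suffix) and len(certname) > len(suffix)
    return entry == certname

def would_autosign(entries, certname):
    """Return the entry that would auto-sign this name, or None."""
    for entry in entries:
        if matches(entry, certname):
            return entry
    return None

def wildcard_entries(entries):
    """Entries that trust a whole namespace instead of one named host."""
    return [e for e in entries if "*" in e]

# Constructed sample configuration and requested names.
SAMPLE_CONF = "*.example.com\nbuild01.example.net\n"
SAMPLE_CERTNAMES = [
    "web01.example.com",     # an expected client
    "unknown.example.com",   # never provisioned, but the name still matches
    "example.com",           # no label in front of the suffix
    "web01.example.org",     # different domain
    "build01.example.net",   # exact entry
]

if __name__ == "__main__":
    entries = parse_autosign(SAMPLE_CONF)
    print("wildcard entries to review:", wildcard_entries(entries))
    for name in SAMPLE_CERTNAMES:
        hit = would_autosign(entries, name)
        print(f"{name:24} -> " + (f"auto-signed by {hit}" if hit else "manual signing"))
```

The decision depends only on the name in the request, so a wildcard entry covers every name under that domain, including hosts that were never provisioned; this is why the firewall restriction or pre-signing matters.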

See also

  • Pre-signing certificates in this chapter