
Using autosign

In cryptography, as in life, you have to be careful what you sign. Normally, when you introduce a new client to the Puppetmaster, you need to generate a certificate request on the client, and then sign it on the master. However, you can skip this step by enabling autosigning.

How to do it...

Create the file /etc/puppet/autosign.conf on the Puppetmaster with the following contents:

    *.example.com

How it works...

Puppet checks any incoming certificate requests to see if they match a line from autosign.conf. Any certificate requests from clients with a hostname matching *.example.com will be automatically signed by the Puppetmaster.
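The following added example (not from the book and not Puppet's own code) models this matching step as an audit helper: given the contents of autosign.conf and a list of requested certificate names, it reports which requests would be signed with no human review. It assumes the simplified rule that a line is either an exact name or a leading `*.` glob covering one or more subdomain labels; the function names and sample data are constructed for illustration.

```python
# Added example: simplified model of autosign.conf matching, for auditing.
# Assumption: a line is an exact certname or a '*.domain' glob whose '*'
# stands for one or more leading labels. This is not Puppet's implementation.

def parse_autosign(conf_text):
    """Return the patterns in an autosign.conf body."""
    patterns = []
    for line in conf_text.splitlines():
        line = line.strip()
        # Assumption: blank lines and lines starting with '#' are ignored.
        if line and not line.startswith("#"):
            patterns.append(line.lower())
    return patterns

def matches(certname, pattern):
    """True if the requested certname is covered by one autosign pattern."""
    certname = certname.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]  # e.g. ".example.com"
        return certname.endswith(suffix) and len(certname) > len(suffix)
    return certname == pattern

def triage(certnames, conf_text):
    """Split requested certnames into (autosigned, held_for_manual_signing)."""
    patterns = parse_autosign(conf_text)
    signed, held = [], []
    for name in certnames:
        bucket = signed if any(matches(name, p) for p in patterns) else held
        bucket.append(name)
    return signed, held

# Constructed sample data: the recipe's autosign.conf and some request names.
AUTOSIGN_CONF = "*.example.com\n"
REQUESTED = [
    "web01.example.com",
    "db.prod.example.com",
    "example.com",                    # bare domain: not covered by the glob
    "web01.example.net",              # different domain
    "never-provisioned.example.com",  # unknown host, but the name matches
]

if __name__ == "__main__":
    signed, held = triage(REQUESTED, AUTOSIGN_CONF)
    print("autosigned:", signed)
    print("held for manual signing:", held)
```

The decision depends only on the name in the request, which the client sets itself, so a host nobody provisioned is signed as long as its requested name fits the pattern.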

Tip

Important: This is a potential security problem, since it amounts to trusting any client that can connect to the Puppetmaster. For this reason, autosigning is not recommended. If you do use it, make sure that the Puppetmaster is protected by a firewall that allows only approved clients or IP ranges to connect. A more secure approach is pre-signing.

See also

  • Pre-signing certificates in this chapter