Using autosign

In cryptography, as in life, you have to be careful what you sign. Normally, when you introduce a new client to the Puppetmaster, you need to generate a certificate request on the client, and then sign it on the master. However, you can skip this step by enabling autosigning.

How to do it...

Create the file /etc/puppet/autosign.conf on the Puppetmaster with the following contents:

    *.example.com

How it works...

Puppet checks any incoming certificate requests to see if they match a line from autosign.conf. Any certificate requests from clients with a hostname matching *.example.com will be automatically signed by the Puppetmaster.

Tip

Important: This is a potential security problem, since it amounts to trusting any client that can connect to the Puppetmaster. For this reason, autosigning is not recommended. If you do use it, make sure that the Puppetmaster is protected by a firewall that allows only approved clients or IP ranges to connect. A more secure approach is pre-signing.
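
An added example (not from the book or the Puppet project): a small audit that checks which requested certificate names an autosign.conf like the one above would sign, and which of those are missing from an approved host inventory. The matching rule (a leading *. stands for one or more labels, other entries match exactly, # lines are skipped), the inventory and all sample names are assumptions constructed for illustration.

```python
# Added example: audit autosign.conf against an approved inventory.
# Assumption: "*.domain" matches one or more leading labels; other entries
# must match the certname exactly. All sample data below is constructed.

def parse_autosign(text):
    """Return allowlist entries, skipping blank lines and '#' comment lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.append(line.lower())
    return entries

def matches(entry, certname):
    """True if this allowlist entry would cover the requested certname."""
    certname = certname.lower()
    if entry.startswith("*."):
        suffix = entry[1:]  # "*.example.com" -> ".example.com"
        return certname.endswith(suffix) and len(certname) > len(suffix)
    return certname == entry

def audit(conf_text, requested, inventory):
    """Sort requested certnames into known/unknown autosigned and manual."""
    entries = parse_autosign(conf_text)
    known = {h.lower() for h in inventory}
    report = {"autosigned_known": [], "autosigned_unknown": [], "manual": []}
    for name in requested:
        if not any(matches(e, name) for e in entries):
            report["manual"].append(name)
        elif name.lower() in known:
            report["autosigned_known"].append(name)
        else:
            report["autosigned_unknown"].append(name)
    return report

AUTOSIGN_CONF = "# constructed sample\n*.example.com\n"
REQUESTED = ["web01.example.com", "db01.example.com",
             "laptop.guest.example.com", "example.com", "build.example.org"]
INVENTORY = ["web01.example.com", "db01.example.com"]

if __name__ == "__main__":
    for bucket, names in audit(AUTOSIGN_CONF, REQUESTED, INVENTORY).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Any name listed under autosigned_unknown would receive a signed certificate without review, because the name being matched is the one the client put in its own request.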

See also

  • Pre-signing certificates in this chapter