[Pkg-puppet-devel] Bug#686286: puppetmaster: Please document in NEWS file that the use of IP in allow/deny directives is deprecated and could lead to security issues
Laurent Bigonville
bigon at debian.org
Thu Aug 30 22:26:58 UTC 2012
Package: puppetmaster
Followup-For: Bug #686286
Hi,
OK, some more precision about this.
The issue seems to be the use of IP addresses in the allow/deny
directives in the auth.conf file and it's the use of IP addresses in
these that is deprecated.
Puppet 3.x (3.0.0rc4) has introduced allow_ip and deny_ip directives to
match the client IP. The allow/deny directives are now only matching
against the CN of the SSL certificate.
See: https://projects.puppetlabs.com/issues/16183
Cheers
Laurent Bigonville
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.5-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
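
An added example, not part of the original message and not Puppet project code: a small check that flags `allow`/`deny` entries in an auth.conf whose values look like IP addresses, so they can be moved to `allow_ip`/`deny_ip` as described above. The sample file contents, the function names, and the dotted wildcard form (`192.168.0.*`) are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample auth.conf contents (not taken from the bug report).
SAMPLE_AUTH_CONF = """\
# constructed example
path /catalog
method find
allow 192.168.1.10, $1
deny 10.0.0.0/8

path /file
allow *.example.com
allow 192.168.0.*
allow_ip 192.168.1.0/24
"""

# Dotted wildcard such as 192.168.0.* (assumed legacy way to write an IP range).
WILDCARD_IP = re.compile(r"^(\d{1,3}\.){1,3}\*$")


def looks_like_ip(value):
    """True for a literal IP, a CIDR block, or a dotted wildcard like 10.1.*"""
    if WILDCARD_IP.match(value):
        return True
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False


def find_ip_in_allow_deny(text):
    """Return (line_no, directive, value, suggested_directive) for each hit."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split(None, 1)
        # allow_ip / deny_ip are the intended home for IPs, so skip them.
        if len(parts) != 2 or parts[0] not in ("allow", "deny"):
            continue
        for value in (v.strip() for v in parts[1].split(",")):
            if looks_like_ip(value):
                findings.append((line_no, parts[0], value, parts[0] + "_ip"))
    return findings


if __name__ == "__main__":
    for line_no, directive, value, fix in find_ip_in_allow_deny(SAMPLE_AUTH_CONF):
        print(f"line {line_no}: '{directive} {value}' is matched against the "
              f"certificate CN only; use '{fix} {value}'")
```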