On Mon, Sep 29, 2008 at 8:56 AM, Crawford Kyle <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I am wondering how people are handling certificates for workstations
> whose names commonly change.
>
> I am using Puppet to manage Mac workstations. When they initially
> come on network, they haven't been named, dynamic dns has not updated
> and they have the potential to have name conflicts. I wind up with
> different cert requests for the same machine.
>
> If I use autosign, the names will be completely wrong. What I'd like
> to do is probably create the cert request on the client side using
> the en0 macaddress of the machine or something unique rather than the
> current fqdn of the host. I realize that I could do this on the
> server, but that requires out of band distribution of the cert to the
> client right?
>
> Thanks,
>

Kyle, we use a UUID for all our clients for this exact problem.

Our puppet installation creates puppet.conf with the output of uuidgen | tr [A-Z] [a-z] instead so that's the certname that's requested by the client.

You could easily make it something related to the en0 MAC if you wanted.

--
Nigel Kersten
Systems Administrator
Tech Lead - MacOps
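
An added example (not part of the original thread and not Puppet's own code) of the approach discussed above: derive the certname from the en0 MAC, fall back to a lowercase UUID, and store it once so that later hostname changes do not produce a second certificate request. The function names, the `mac-` prefix and the use of a `[main]` section are assumptions of this example.

```shell
#!/bin/sh
# Added example: choose a stable, lowercase certname and persist it once.
# Function names, the "mac-" prefix and the [main] section are assumptions.

# Normalize a MAC (any case, ':' or '-' separators) into "mac-<12 hex digits>".
# Returns non-zero when the input is not a 48-bit MAC address.
mac_to_certname() {
    hex=$(printf '%s' "$1" | tr -d ':-' | tr 'A-F' 'a-f')
    case "$hex" in
        *[!0-9a-f]*|"") return 1 ;;
    esac
    [ "${#hex}" -eq 12 ] || return 1
    printf 'mac-%s\n' "$hex"
}

# Lowercase UUID certname, as described in the reply (ranges quoted so the
# shell cannot glob-expand them against file names in the current directory).
uuid_certname() {
    uuidgen | tr 'A-Z' 'a-z'
}

# Print the certname already stored in the given puppet.conf, if there is one.
current_certname() {
    [ -f "$1" ] || return 1
    sed -n 's/^[[:space:]]*certname[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" |
        head -n 1 | grep .
}

# ensure_certname CONF MAC
# Reuse a stored certname; otherwise create CONF with a new one. An existing
# file without a certname is left untouched (exit status 2) rather than edited.
# Prints the certname in effect.
ensure_certname() {
    conf=$1
    mac=$2
    if existing=$(current_certname "$conf"); then
        printf '%s\n' "$existing"
        return 0
    fi
    if [ -e "$conf" ]; then
        return 2
    fi
    name=$(mac_to_certname "$mac") || name=$(uuid_certname) || return 1
    printf '[main]\ncertname = %s\n' "$name" > "$conf"
    printf '%s\n' "$name"
}
```

On a Mac the second argument can come from `ifconfig en0 | awk '/ether/ {print $2}'`; because the stored name is reused on every later run, regenerating the UUID or swapping a network card does not change the machine's identity.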