On Sep 29, 2008, at 1:06 PM, Nigel Kersten wrote:
>
> On Mon, Sep 29, 2008 at 8:56 AM, Crawford Kyle <[EMAIL PROTECTED]> wrote:
>>
>> Hi,
>>
>> I am wondering how people are handling certificates for workstations
>> whose names commonly change.
>>
>> I am using Puppet to manage Mac workstations. When they initially
>> come on network, they haven't been named, dynamic dns has not updated
>> and they have the potential to have name conflicts. I wind up with
>> different cert requests for the same machine.
>>
>> If I use autosign, the names will be completely wrong. What I'd like
>> to do is probably create the cert request on the client side using
>> the en0 MAC address of the machine or something unique rather than the
>> current fqdn of the host. I realize that I could do this on the
>> server, but that requires out of band distribution of the cert to the
>> client right?
>>
>> Thanks,
>>
>
> Kyle, we use a UUID for all our clients for this exact problem.
>
> Our puppet installation creates puppet.conf with the output of uuidgen
> | tr [A-Z] [a-z] instead so that's the certname that's requested by
> the client.
>
> You could easily make it something related to the en0 MAC if you
> wanted.

Ah certname in puppet.conf. Excellent.

Thanks Nigel,
Kyle
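The approach discussed in this thread, as an added example that is not part of the original messages or of Puppet itself: a POSIX shell sketch that writes a lowercased UUID as `certname` into puppet.conf only when none is set, so repeated installer runs do not generate further cert requests for the same machine. The function names, the `[main]` placement and the default path `/etc/puppet/puppet.conf` are assumptions.

```shell
#!/bin/sh
# Added example: pin a stable certname in puppet.conf exactly once, so that
# re-running the installer never produces a second cert request for a host.
export LC_ALL=C   # byte-wise character ranges for tr and case patterns

# Candidate certname as described in the thread: a lowercased UUID.
new_certname() { uuidgen | tr 'A-Z' 'a-z'; }

# Print the first active (uncommented) certname in the given file, if any.
current_certname() {
    [ -f "$1" ] || return 0
    sed -n 's/^[[:space:]]*certname[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | head -n 1
}

# ensure_certname CONF NAME: keep an existing certname, otherwise write NAME
# under [main]. Prints the certname that is in effect afterwards.
ensure_certname() {
    conf=$1
    name=$2
    existing=$(current_certname "$conf")
    if [ -n "$existing" ]; then
        echo "$existing"
        return 0
    fi
    # Accept only lowercase letters, digits, dots and hyphens.
    case $name in
        ''|*[!a-z0-9.-]*) echo "refusing certname '$name'" >&2; return 1 ;;
    esac
    tmp=$(mktemp "${conf}.XXXXXX") || return 1   # created 0600 by mktemp
    if [ -f "$conf" ] && grep -q '^\[main\]' "$conf"; then
        awk -v n="$name" '{ print } /^\[main\]/ && !d { print "    certname = " n; d = 1 }' "$conf" > "$tmp"
    else
        {
            printf '[main]\n    certname = %s\n' "$name"
            if [ -f "$conf" ]; then cat "$conf"; fi
        } > "$tmp"
    fi
    mv "$tmp" "$conf"   # rename in place; restore the file mode if others must read it
    echo "$name"
}

# Usage: sh pin-certname.sh --apply [CONF]   (default path is an assumption)
if [ "${1:-}" = "--apply" ]; then
    ensure_certname "${2:-/etc/puppet/puppet.conf}" "$(new_certname)"
fi
```

Because the existing value always wins, the certname the server has already signed stays bound to the machine even if the hostname or dynamic DNS entry changes later.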