On Sep 4, 2009, at 9:56 AM, Štefan Sakalík wrote:
>
> Larry Ludwig wrote:
>> On Sep 3, 2009, at 6:46 AM, Štefan Sakalík wrote:
>>
>>
>>> I'm using mongrel and these lines in apache config concern me (from
>>> wiki/UsingMongrel):
>>> SSLVerifyClient optional
>>> RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
>>>
>>> So apache gives access to everyone. Does the puppetmaster
>>> additionally
>>> verify client's identity? It's not obvious from the source code.
>>>
>>
>> Hi,
>>
>> This is so unsigned clients can connect and send their initial info.
>> (allowing the puppetmaster to sign them)
>>
> I see now. I wanted to make sure that client without signed
> certificate
> can't get access to fileserver. So I assume this is the case.
Correct.
-L
--
Larry Ludwig
Reductive Labs
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
