-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The only way that I know to do this is to make your reverse lookup match your CNAME (which doesn't really make it act like a CNAME at that point).
The reverse lookup is what matters to the certs, not the forward. Trevor On 04/05/2010 05:12 PM, Brian wrote: > I have a puppet server running on foo.example.com with a cname of > puppet.example.com. In puppet.conf I have server set to > puppet.example.com and certname set to puppet.example.com. This works > fine for regular puppet runs. My issue is with puppetrun. In the > puppetrunner section of namespaceauth.conf, I've allowed > puppet.example.com. However, the puppet clients refuse to run with > this configuration with the complaint "Denying authenticated client > foo.example.com(192.0.2.2) access to puppetrunner.run". Only after I > add foo.example.com to namespaceauth.conf does it work. Is there a way > to get puppetrun to work with the cname? > > I think this might be the same unresolved issue discussed at > http://groups.google.com/group/puppet-users/browse_thread/thread/537c1aa347d27bad > > All the best, > Brian Pitts > - -- Trevor Vaughan Vice President, Onyx Point, Inc. email: tvaug...@onyxpoint.com phone: 410-541-ONYX (6699) pgp: 0x6C701E94 - -- This account not approved for unencrypted sensitive information -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAku7Ci4ACgkQyWMIJmxwHpQ4ywCfZFJt4EQ+aKhTVVnv7dOhJuDl o9EAnAgMAV8yeMIsi+GbhfCbJzSB+u7G =cDYa -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
<<attachment: tvaughan.vcf>>
