On Aug 27, 2010, at 11:33 AM, Dan Bode wrote: > > On Fri, Aug 27, 2010 at 9:21 AM, Mike Devlin <mdev...@aisle10.net> wrote: > you lose all the reporting functionality, but as long as you get all your > puppet manifests and files accessible by the servers you want to run puppet > on (rsync, nfs....whatever), you can just run puppet directly, although it > now has to compile everything, even if its not needed, so its slower to run. > > > there is an additional bit of functionality that you lose in this setup, > authentication/least access. > > In client server mode, the CA is required to sign the clients cert before > that client can connect to the server. This ensures that: > > 1. Only an authorized client can connect to the puppetmaster and request a > catalog. > 2. The client only has access to the compiled catalog, not the source code. > This means it only has access to the information it needs and nothing else.
That's almost true. The default access rules allow all authorized clients to access all files that are being served from "files" folders. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
