Thank you guys. Am still wondering, what happens if an old client finds itself connecting to a new master? I know the master verifies the client cert, but the client does not verify the server's, or am I missing something? Why would SSL fail if the master changes?
Thanks a lot. Mohamed. On Monday, October 4, 2010, Richard Crowley <r...@rcrowley.org> wrote: >>> I was wondering how easy/hard is it for a hacker to control my hosts >>> by impersonating puppetmaster, say by poisoning DNS to point >>> puppet.dom.ain to their own server? >>> Are there reasosns why that would not work? >> >> The SSL layer and its key exchange mechanism should handle that. > > New agents would not know the difference, however, and trust the > attacker's master. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- " Logic merely sanctions the conquests of the intuition." Jacques Hadamard -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
