From the docs:
----------------------------
auth.conf
rest_authconfig = $confdir/auth.conf
The auth.conf doesn't exist by default, but Puppet has some default
settings that will be put in place if you don't create an auth.conf. You'll
see these settings if you run your puppetmaster in debug mode and then
connect with a client.
---------------------------
namespaceauth.conf
authconfig = $confdir/namespaceauth.conf
This file controls the http connections to the puppet agent. It is
necessary to start the puppet agent with the listen true option.
There's an example namespaceauth.conf file in the puppet source in
conf/namespaceauth.conf.
----------------------------
auth.conf: controls access to puppetmaster - lives on puppetmaster
namespaceauth.conf: bit harder to discern from doco and the link to the
example returns 404. (points to old reductivelabs github)
https://github.com/puppetlabs/puppet/blob/master/conf/namespaceauth.conf
# This is an example namespaceauth.conf file,
# which you'll need if you want to start a client
# in --listen mode.
[fileserver]
allow *.domain.com
[puppetmaster]
allow *.domain.com
[puppetrunner]
allow culain.domain.com
[puppetbucket]
allow *.domain.com
[puppetreports]
allow *.domain.com
[resource]
allow server.domain.com
That would be on the client from my reading but I haven't implemented this
at all.
On , Douglas Garstang <doug.garst...@gmail.com> wrote:
On Tue, Feb 22, 2011 at 2:58 PM, Jed jedbl...@gmail.com> wrote:
Thanks Denmat...
I've seen the page already, but its so vague...
it doesnt mention anywhere what files belong where...
I gather auth.conf would need to be on the puppetmaster...
however, from what it says about namespaceauth.conf, it seems that
needs to live on the puppet client machines....
not sure....
On Feb 22, 4:58 pm, Denmat tu2bg...@gmail.com> wrote:
> I think only on master. This might help you
further.http://docs.puppetlabs.com/guides/security.html
>
> On 23/02/2011, at 8:29, Jed jedbl...@gmail.com> wrote:
>
> > I'm trying to wrap my head around these files...
>
> > do both of them need to reside on the client and master?
>
> > are there any docs that describe these files and what all the option/
> > sections are and what they do?
>
> > Thanks all....
Yeah, it is horribly confusing isn't it. Glad it's not just me that can't
quite work it out.
Doug
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
