On 2 March 2011 23:59, Trevor Vaughan <tvaug...@onyxpoint.com> wrote: > Beyond what Den pointed out, I would like to see either native (or > good instructions) support for authenticating with X.509 PKI > certificates. > > You would need to be able to specify: > > - The trusted CA chains > - The CRL/OCSP/SCVP connections > - What attribute/regex contains the username of the user > - An internal username mapping back to the role of the user (which > should be built in) > > This should be authoritative and passwords should be optional. > > Less important, but still nice, would be configuration instructions > for Kerberos with GSSAPI. > > Also, if pulling from LDAP, I would like to avoid custom schemas if at > all possible. It can be *really* hard to get Enterprise-type folks to > add schemas to their servers. >
+1 for me for Kerberos authentication, AD integration would be a big bonus for my clients too. Jim :) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
