On 05/12/2011 09:44 AM, Patrick wrote: > > On May 11, 2011, at 9:59 AM, Matt Wise wrote: > >> Can hostB make an arbitrary call to the puppet master requesting >> "puppet:///passwd" even if its not a defined resource for that host? > > Simply: Yes > > Ways to stop this: > 1) Include the file in "source" instead which embeds the file in the > catalog.
What you meant to write was "content instead of source". > 2) Use ACLs per module to stop that > 3) Use a custom mount-point, and either define it's permissions, or else > use some path munging so only the correct clients can get the file. > > > Over all, "1" is almost always the easiest. Yes, but it can bloat the catalog depending on the workload. I've found (2) to be very effective. Puppet generates my auth.conf including ACLs. Cheers, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
