On Thu, Nov 11, 2010 at 11:53 PM, Derek J. Balling wrote:
>
> On Nov 11, 2010, at 6:26 PM, donavan wrote:
>> From your comment in #3958 I think autosign[1] with "*.domain.tld"
>> would work for you.
>
> Nope. Because "autosign" doesn't also "auto-overwrite".
Actually it has meant that in some ver
Derek,
I agree with you that the certificates are unnecessary for some
people, myself included. Since we're behind a large corporate
firewall, we don't need this type of security for in-house
management. As we upgrade our engineers' workstations, the new
workstation almost always has the same nam
Derek J. Balling wrote:
> It's just ugly. Like I said in my ticket notes, I'll concede that for
> some people, it's a necessity, but there's clearly also a set of
> people for whom it is just unnecessary pain and suffering.
>
It's been my experience that SSL (or the requirement for some form of
t
Hi Derek,
2010/11/12 Derek J. Balling
> [...]
> Nope. Because "autosign" doesn't also "auto-overwrite".
>
> - New Host "foo001.domain.tld" is created
> - Certs are exchanged for foo001 with the puppetmaster, life is good,
> autosigned
> - Host foo001.domain.tld is retired
> - Replacement Host "f
On Nov 11, 2010, at 6:26 PM, donavan wrote:
> From your comment in #3958 I think autosign[1] with "*.domain.tld"
> would work for you.
Nope. Because "autosign" doesn't also "auto-overwrite".
- New Host "foo001.domain.tld" is created
- Certs are exchanged for foo001 with the puppetmaster, life is
On Nov 10, 7:42 pm, Derek J. Balling wrote:
> Has anyone had any luck in actually disabling certificates entirely? Just
> trust the hostname you get from DNS and treat that info as authoritative.
>
> I'm in the Puppet BoF @ LISA, and (essentially) was told that's never going
> to happen, even th