Re: [Puppet Users] Re: Security considerations for basing decisions on facts

2013-07-06 Thread Jakov Sosic
On 01/22/2013 10:04 PM, jcbollinger wrote: You are also right that a compromised client can, in principle, falsify the fact values presented to the master in an attempt to make it divulge secret information. Whether the master might actually divulge anything is a function of the manifests with

Re: [Puppet Users] Re: Security considerations for basing decisions on facts

2013-02-18 Thread Boyan Tabakov
On 22.1.2013 23:04, jcbollinger wrote:
> You are correct that only the identity of the client node is authenticated by Puppet, and even that only insomuch as the client can be relied upon to protect its SSL certificate. The $hostname fact cannot be relied upon to convey that information

Re: [Puppet Users] Re: Security considerations for basing decisions on facts

2013-01-23 Thread Ramin K
On 1/23/2013 12:22 PM, Jist Anidiot wrote: On Tuesday, January 22, 2013 4:04:22 PM UTC-5, jcbollinger wrote: You are correct that only the identity of the client node is authenticated by Puppet, and even that only insomuch as the client can be relied upon to protect its SSL ce