-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The only way that I know to do this is to make your reverse lookup match
your CNAME (which doesn''t really make it act like a CNAME at that
point).
The reverse lookup is what matters to the certs, not the forward.
Trevor
On 04/05/2010 05:12 PM, Brian wrote:> I have a puppet server running on foo.example.com with a cname of
> puppet.example.com. In puppet.conf I have server set to
> puppet.example.com and certname set to puppet.example.com. This works
> fine for regular puppet runs. My issue is with puppetrun. In the
> puppetrunner section of namespaceauth.conf, I''ve allowed
> puppet.example.com. However, the puppet clients refuse to run with
> this configuration with the complaint "Denying authenticated client
> foo.example.com(192.0.2.2) access to puppetrunner.run". Only after I
> add foo.example.com to namespaceauth.conf does it work. Is there a way
> to get puppetrun to work with the cname?
>
> I think this might be the same unresolved issue discussed at
>
http://groups.google.com/group/puppet-users/browse_thread/thread/537c1aa347d27bad
>
> All the best,
> Brian Pitts
>
- --
Trevor Vaughan
Vice President, Onyx Point, Inc.
email: tvaughan@onyxpoint.com
phone: 410-541-ONYX (6699)
pgp: 0x6C701E94
- -- This account not approved for unencrypted sensitive information --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAku7Ci4ACgkQyWMIJmxwHpQ4ywCfZFJt4EQ+aKhTVVnv7dOhJuDl
o9EAnAgMAV8yeMIsi+GbhfCbJzSB+u7G
=cDYa
-----END PGP SIGNATURE-----
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.