Puppet users - Sep 2011 - load balance multiple puppetmaster, backend workers not authenticating

I''m trying to load balance multiple puppetmasters using apache and
passenger as described in James''s book.

Was able to get a single passenger server installation to work
correctly.  When I configure the frontend load balancer and backend
workers, the backend workers does not authenticate even though I am
passing the headers to it.

curl -v -H "Accept: pson, yaml" \
>  -H "X-Client-DN:: /CN=puppetclient.example" \
>  -H "X-Client-Verify: SUCCESS" \
>
''http://puppetmaster.example:18140/production/catalog/puppetclient.example?facts_format=b64_zlib_yaml&facts=...''
* About to connect() to puppetmaster.example port 18140
*   Trying puppetmaster.example... connected
* Connected to puppetmaster.example (192.168.1.100) port
18140
> GET
/production/catalog/puppetclient.example?facts_format=b64_zlib_yaml&facts=...
HTTP/1.1
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5
OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: puppetmaster.example:18140
> Accept: pson, yaml
> X-Client-DN:: /CN=puppetclient.example
> X-Client-Verify: SUCCESS
>
< HTTP/1.1 403 Forbidden
< Date: Tue, 13 Sep 2011 14:28:39 GMT
< Server: Apache/2.2.3 (CentOS)
< X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.9
< Content-Length: 98
< Status: 403
< Connection: close
< Content-Type: text/plain; charset=UTF-8
Closing connection #0
Forbidden request: puppetclient.example(192.168.1.201) access to /
catalog/puppetclient.example [find] at line 93

Here is the backend configuration:
Listen 18140
<VirtualHost 192.168.1.100:18140>
        SSLEngine off

        # Obtain Authentication Information from Client Request
Headers
        SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1
        SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1

        RackAutoDetect On
        DocumentRoot /usr/share/puppet/rack/puppetmaster_18140/public/
        <Directory /usr/share/puppet/rack/puppetmaster_18140/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog /var/log/httpd/puppetmaster_worker_error_18140.log
        CustomLog /var/log/httpd/puppetmaster_worker_access_18140.log
combined
</VirtualHost>

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.