Details
- Improvement
- Status: Closed
- Normal
- Resolution: Won't Do
- None
- None
- None
- Froyo
- Needs Assessment
Description
Hi,
On the puppet master, the client's public key needs to be signed with puppet cert sign clientname
There are two ways to do it:
1) the interactive way where the sha256 hash sum is shown and a human confirms to have checked this
2) the --assume-yes way to blindly sign a key without verifying.
That's insufficient / insecure if clients need to be registered automatically, e.g. with an external script.
There should be a command like
puppet cert sign clientname hashsum
or just
puppet cert sign hashsum
which signs the client only if the hashsum is equal to the one given on the command line (e.g. fetched directly from the client).
And on the client side there should be some simple command to display the corresponding hash of the cert request, in order to automatically fetch the hash sum from the client and pass it to the master/server to sign that particular hash.
regards
Issue Links
- relates to
  - PUP-9720 puppet agent --fingerprint is broken (Closed)
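The check requested in the description can be approximated with the existing commands. The following POSIX shell wrapper is an added example, not Puppet's code and not the reporter's: it signs a pending request only when the fingerprint held by the CA equals the one supplied. It assumes puppet cert list prints pending requests as "name" (SHA256) AA:BB:...; the names sign_if_match, pending_fp, normalize_fp and the PUPPET variable are made up for this example.

```shell
#!/bin/sh
# Added example, not part of Puppet: sign a pending CSR only if its SHA256
# fingerprint equals one obtained from the client out of band.
PUPPET=${PUPPET:-puppet}   # overridable, so a stub can stand in for the real CLI

# Reduce a fingerprint to bare upper-case hex: drop an optional "(SHA256)"
# label, colons and whitespace.
normalize_fp() {
    printf '%s\n' "$1" | sed 's/([^)]*)//' | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Print the fingerprint the CA holds for the pending request named $1.
# Assumed listing format:   "name" (SHA256) AA:BB:...
pending_fp() {
    "$PUPPET" cert list 2>/dev/null |
        awk -v n="$1" '$1 == "\"" n "\"" && $2 == "(SHA256)" { print $3; exit }'
}

# sign_if_match NAME FINGERPRINT
# Returns 0 signed, 1 mismatch, 2 bad arguments, 3 no pending request.
sign_if_match() {
    name=$1
    want=$(normalize_fp "$2")
    # Reject names that could be read as options or carry metacharacters.
    case $name in ''|-*|*[!A-Za-z0-9._-]*)
        echo "invalid client name" >&2; return 2 ;;
    esac
    # A SHA256 fingerprint is exactly 64 hex digits.
    case $want in *[!0-9A-F]*)
        echo "invalid fingerprint" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "invalid fingerprint" >&2; return 2; }

    have=$(normalize_fp "$(pending_fp "$name")")
    [ -n "$have" ] || { echo "no pending request for $name" >&2; return 3; }
    if [ "$have" != "$want" ]; then
        echo "fingerprint mismatch for $name, not signing" >&2
        return 1
    fi
    "$PUPPET" cert sign "$name"
}
```

The comparison and the signing remain two separate commands here, so this is weaker than a check built into puppet cert sign itself, which is what the ticket requests.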