Feature #2178
Strict hostname checking should require matching the IP reverse lookup
| Status: | Needs More Information | Start date: | 04/21/2009 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | plumbing | |||
| Target version: | - | |||
| Affected Puppet version: | 0.24.7 | Branch: | ||
| Keywords: | ||||
| Votes: | 0 |
Description
This is related to #1765, which implemented the first level of strict checking.
Once the REST auth file is merged, we can add strict checking at the auth level, failing if the reverse lookup does not match the authenticated node name.
I plan on getting this done for 0.26, rather than trying to get it into 0.25.
Related issues
History
Updated by James Turnbull about 2 years ago
- Target version changed from 2.6.0 to 2.7.x
Updated by Luke Kanies over 1 year ago
- Assignee deleted (
Luke Kanies)
Updated by Nigel Kersten 10 months ago
- Status changed from Accepted to Needs More Information
- Target version deleted (
2.7.x)
I’d like some clarity around what this was meant to achieve.
Is it another bug where we’re assuming that certnames are hostnames?
Updated by Luke Kanies 10 months ago
It just allows people to be even more strict, when hostnames actually do match the certnames. I think we actually used to do this, but we had to disable it as part of allowing certnames to be whatever you want.
There’s been some discussion of a ‘strict hostname checking’, and this was one of the items that would qualify.