fileserver -- allow *, but managed certificates -- secure?
11 views
Skip to first unread message
Dan Sheppard
Jun 17, 2015, 8:37:08 AM6/17/15
to puppet...@googlegroups.com
Hi folk,
I am working on a puppet master server which will be hosted at a
publicly visible IP (due to multi-site issues), and which will someday
contain reasonably sensitive data and so which I must secure.
I've been pretty careful with developing a custom autosign strategy,
linking in with our existing infrastructure, so that the only
certificates signed are those of servers we trust, (through use of
including custom credentials in the CSR which include short-lived,
integrity-verified, machine-tied signing requests, etc). All this is
working fine and dandy as far as I can tell.
My concern is files served at custom mount point (or the default ones),
via fileserver.conf. I would like to make various of these custom mounts
visible to all of my agents, and I assume that if I make them
universally visible ("Allow *", etc in fileserver.conf), then a client
would still need a valid client certificate to access this data, and so
the data would remain private to those who have managed to obtain a
signed client certificate.
I'm basically wondering if that assumption is correct?
It seems very likely, but not having seen this in black-and-white makes
me nervous, it being a security issue, and have found some worrying
confused people on stackoverflow. But is my reasoning correct?
I'm sorry if this has been asked before. I have had a goot look through
the docs and the FAQs, but I can't help thinking I'm missing something.
Dan.
I am working on a puppet master server which will be hosted at a
publicly visible IP (due to multi-site issues), and which will someday
contain reasonably sensitive data and so which I must secure.
I've been pretty careful with developing a custom autosign strategy,
linking in with our existing infrastructure, so that the only
certificates signed are those of servers we trust, (through use of
including custom credentials in the CSR which include short-lived,
integrity-verified, machine-tied signing requests, etc). All this is
working fine and dandy as far as I can tell.
My concern is files served at custom mount point (or the default ones),
via fileserver.conf. I would like to make various of these custom mounts
visible to all of my agents, and I assume that if I make them
universally visible ("Allow *", etc in fileserver.conf), then a client
would still need a valid client certificate to access this data, and so
the data would remain private to those who have managed to obtain a
signed client certificate.
I'm basically wondering if that assumption is correct?
It seems very likely, but not having seen this in black-and-white makes
me nervous, it being a security issue, and have found some worrying
confused people on stackoverflow. But is my reasoning correct?
I'm sorry if this has been asked before. I have had a goot look through
the docs and the FAQs, but I can't help thinking I'm missing something.
Dan.
Reply all
Reply to author
Forward
0 new messages