[Pkg-puppet-devel] Bug#686286: puppetmaster: Please document in NEWS file that the use of IP in allow/deny directives is deprecated and could lead to security issues

Laurent Bigonville bigon at debian.org
Thu Aug 30 22:26:58 UTC 2012

Package: puppetmaster
Followup-For: Bug #686286


OK, some more precision about this.

The issue seems to be the use of IP addresses in the allow/deny
directives in the auth.conf file and it's the use of IP addresses in
these that is deprecated.

Puppet 3.x (3.0.0rc4) has introduced allow_ip and deny_ip directives to
match the client IP. The allow/deny directives is now only matching
against the CN of the SSL certificate.

See: https://projects.puppetlabs.com/issues/16183


Laurent Bigonville

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.5-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

More information about the Pkg-puppet-devel mailing list