- From: dreamcat four <
>
- To:
- Subject: [chef] Re: Re: Re: Re: Re: New Authentication in Chef 0.8
- Date: Thu, 11 Feb 2010 17:22:21 +0000
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; b=n35gGmwqgd6IQAK1RhJO2Zkbpm4RuFuYmFYzgtps3brBzOVi9L5GFWEQpJnqEOtr1K g/CAmTvzZwgA2ZwlVCn+hkVMHdxrTMzKJg0mDXVZUVO799LtDD5xh9Xgkcz5rlo792cd q6AWviFK5VGSzdcnHZ+uOyuq7s7K77uAhqXlQ=
On Thu, Feb 11, 2010 at 4:21 PM, Miguel Cabeça
<
>
wrote:
>
Using a client certificate with TLS the client could be identified by the
>
CN of that certificate, like any browser that verifies the CN of the
>
certificate presented by the server to match the hostname being accessed.
>
It's the same process.
>
>
Don't get me wrong on this, I'll use this authentication method when 0.8 is
>
released, but I think It was an unnecessary development effort.
>
>
Just my 2¢
>
>
Best Regards
>
>
Miguel Cabeça
Hmm, you sound like you know TLS very well. Bear in mind however that
the Mixlib-Authentication gem (which is what chef 0.8 now uses) is
just 2 pages of Ruby in its entirety. I can see no evidence that the
TLS based solution you are suggesting would not be substantially more
complex, given that Opscode's implementation is already so incredibly
neat and concise.
You'd might be hard pressed to find others who would agree that TLS is
a good mechanism to use here.
dreamcat4
Archive powered by MHonArc 2.6.16.