[chef] Re: Client/Server secure model

[Ranjib Dey < >]

Chef uses https for client server communication. Every chef client (nodes, users who operate /manage chef) uses their own private key. The registration of clients are done via admin clients or validation client (a special client that can only register non-admin clients). Communication between chef server and client never happens in an insecure manner, while other integration points (like rabitmq to chef server or solr to chef server) are secured via firewalls and tool specific authentication (like vhosts and user credentials for rabbitmq).

That said, you can also create custom public key /private key pair and hook in them to chef server to authenticate your clients/servers against chef server. 

Chef is developed after puppet, there is very little chance that chef will miss some obvious and important feature that puppet has.

regards

ranjib

On Tue, Feb 7, 2012 at 3:52 PM, < "> > wrote:

Hello,

I'm quite new on Chef, but some guys told me that Chef don't use a secure
channel model between client and server. So they told me to use "Puppet", that
does this natively  (I'm not talking about use a external tunnel or something
like that, but about Chef's internal secure communication
implementation/model).

I think this is not true (what they told me), but I have not solid arguments to
discuss/use with they.

Can you help me?