allow ssh between saluser@tel-lt1.tu and saluser@tel-hw1.tu #652
is this to hold more secured data inside the configuration? (such as keys?)
The puppet |
49c4007 to 1bb6566
This param is needed to allow management of hosts in which we do not want to manage the content of /etc/resolv.conf.
This host is currently in 140.252.32/23 and unable to reach the regular tu nameservers.
1bb6566 to ce635a2
Generates profile::util::keytab resources.
Generally, we want to allow ssh between 2 pair of hosts only. We do not want the TGT to be reusable to make another hop from the destination host. If additional access from the destination ssh host is needed, a role user TGT should also be present on the destination host.
47e1b21 to 44b50a8
thanks for the explanation 👍
Additionally, krb5 keytab values have been converted from `String` to `Sensitive[String]` as a first step towards more considerate handling of secrets.

See: https://puppet.com/docs/puppet/7/securing-sensitive-data.html
Related to https://github.com/lsst-it/lsst-puppet-hiera-private/pull/75