You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At the time being, the authentication event has the following details:
salt/auth {"_stamp": "2017-09-07T19:19:45.523301",
"act": "pend",
"id": "vmx1",
"pub": "-----BEGIN PUBLIC KEY-----... snip ...-----END PUBLIC KEY-----",
"result": true}
In order to be able to correctly and safely determine if the minion you are going to accept automatically is really the one you want, there it would be needed at least the IP address where the minion runs. I can see several other interesting details that might help: hostname, IPv6 and so on.
I am opening this as a feature I'll be happy to implement, but it might take a while till I have the time to actually implement it. If there's anyone that could get to it earlier, please feel free to solve it.
Meanwhile, there's the following conversation I would like to have: who inserts the IP address into the payload? If the minion sends it, that cannot be entirely safe (i.e., it can set any address it wants); if the master inserts it, when using the ZMQ as the transport, IIRC, you can't determine who sent you the message.
I am looking forward to hearing your thoughts about that!
Thanks,
-Mircea
The text was updated successfully, but these errors were encountered:
Description of Issue/Question
At the time being, the authentication event has the following details:
In order to be able to correctly and safely determine if the minion you are going to accept automatically is really the one you want, there it would be needed at least the IP address where the minion runs. I can see several other interesting details that might help: hostname, IPv6 and so on.
I am opening this as a feature I'll be happy to implement, but it might take a while till I have the time to actually implement it. If there's anyone that could get to it earlier, please feel free to solve it.
Meanwhile, there's the following conversation I would like to have: who inserts the IP address into the payload? If the minion sends it, that cannot be entirely safe (i.e., it can set any address it wants); if the master inserts it, when using the ZMQ as the transport, IIRC, you can't determine who sent you the message.
I am looking forward to hearing your thoughts about that!
Thanks,
-Mircea
The text was updated successfully, but these errors were encountered: