1.

Depending on your environment, this may not present a significant risk. It essentially boils down to the question ‘Do I trust everything that can connect to my Puppet master?’.

Answer»

If you do still choose to have a permanent, or semi-permanent, permissive autosign.conf, please consider doing the following:

  • Firewall your Puppet master – restrict port tcp/8140 to only networks that you trust.
  • Create Puppet masters for each ‘trust zone’, and only include the trusted nodes in that Puppet master's manifest.



