On Tue, 2006-04-18 at 18:32 -0400, seth vidal wrote: > Does puppet offer any way of notifying about and acknowledging newly > created keys for machines so admins can determine if they should be > allowed access or not? Yes, a new cert for a client is only created after running a command (puppetca) on the central server; currently, admins need to run 'puppetca --list' to check for new cert requests, there's not yet any mechanism to add notification (email etc.) into that workflow. Details about puppet security can be found at http://reductivelabs.com/projects/puppet/documentation/security David
