Salt's default configuration values are designed to be pretty secure. However, users new to Salt sometimes change configuration values for convenience, which can weaken the security of your infrastructure.
Salt provides the ability to bypass certain authentication protocols for very secure environments, or for convenience in testing environments. In your master configuration template, you'll find settings for open_mode and auto_accept:
    # Enable "open mode", this mode still maintains encryption, but
    # turns off authentication, this is only intended for highly
    # secure environments or for the situation where your keys end up
    # in a bad state. If you run in open mode you do so at your own
    # risk!
    #open_mode: False

    # Enable auto_accept, this setting will automatically accept all
    # incoming public keys from the minions. Note that this is
    # insecure.
    #auto_accept: False
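A quick way to check whether a master configuration has either setting switched on, as an added example that is not part of the original article or of Salt itself. The function name `audit_master_config` and the sample configuration are assumptions made for illustration, and the check reads top-level lines directly rather than using a YAML loader.

```python
import re

# The two master settings discussed above and what enabling each one does.
RISKY = {
    "open_mode": "authentication is turned off (encryption is kept)",
    "auto_accept": "all incoming minion public keys are accepted",
}
# Values that leave a setting disabled; anything else is reported.
OFF_VALUES = {"false", "no", "off", "", "null", "~"}
SETTING = re.compile(r"^(open_mode|auto_accept)\s*:(.*)$")

# Constructed sample input, not taken from a real master.
SAMPLE = (
    "#open_mode: False\n"
    "open_mode: True  # left on after a key reset\n"
    "#auto_accept: False\n"
    "auto_accept: False\n"
)


def audit_master_config(text):
    """Return {setting: line number} for risky settings that are enabled.

    Reads only top-level `key: value` lines, so the commented-out defaults
    in the template are ignored. A later line overrides an earlier one.
    """
    enabled = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = SETTING.match(line)
        if not match:
            continue
        key, value = match.groups()
        # Drop a trailing "# comment" before comparing the value.
        value = re.sub(r"(^|\s)#.*$", "", value).strip().lower()
        if value in OFF_VALUES:
            enabled.pop(key, None)
        else:
            enabled[key] = lineno
    return enabled


if __name__ == "__main__":
    for key, lineno in audit_master_config(SAMPLE).items():
        print(f"line {lineno}: {key} is enabled: {RISKY[key]}")
```

Any value other than an explicit false is reported, so unusual spellings get a human look instead of passing silently.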
At first glance, these two...