Authentication
Communication with the Chef server can be initiated through different mechanisms, such as chef-client, Knife, or the API used directly from code. Let's see how authentication works in each of these cases.
chef-client
Every time a chef-client needs to communicate with the Chef server to fetch data required for bootstrapping a machine, it must authenticate itself to the Chef server. It does so using a private key located at /etc/chef/client.pem. However, as we saw in the bootstrap process, when a chef-client is executed for the very first time there is no such private key on the machine yet. Hence, the chef-client instead uses the private key assigned to the chef-validator (/etc/chef/validation.pem). Once this initial request is authenticated, the chef-client registers with the Chef server using validation.pem, and the Chef server returns a new private key for the client to use in all future communication. Once the initial chef-client run is over, validation...
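The key fallback and registration flow described above, as an added Ruby example that is not Chef's own code: the node signs with client.pem when it exists and with validation.pem otherwise, the stub server checks the first request against the validator's public key, and registration hands back a fresh private key. The signing here is plain RSA-SHA256 over a string and stands in for Chef's real request-signing headers; ChefServerStub, select_key and first_run are names assumed for this example.

```ruby
require "openssl"
require "tmpdir"

DIGEST = "SHA256"

# Minimal stand-in for the server side of registration (not Chef's code).
class ChefServerStub
  def initialize(validator_pub)
    @validator_pub = validator_pub
    @clients = {} # client name => public key, filled in by register
  end

  # A registered client is checked against its own key; an unknown
  # client can only be checked against the shared validator key.
  def verify(name, payload, signature)
    pub = @clients[name] || @validator_pub
    pub.verify(OpenSSL::Digest.new(DIGEST), signature, payload)
  end

  # First run: accept a request signed by validation.pem, create a
  # key pair for this client and return the private half to the node.
  def register(name, payload, signature)
    unless @validator_pub.verify(OpenSSL::Digest.new(DIGEST), signature, payload)
      raise "registration request not signed by the validator key"
    end
    key = OpenSSL::PKey::RSA.new(2048)
    @clients[name] = key.public_key
    key.to_pem
  end
end

# Mirror of the client-side choice: client.pem if present, else validation.pem.
def select_key(client_pem, validation_pem)
  path = File.exist?(client_pem) ? client_pem : validation_pem
  [File.basename(path), OpenSSL::PKey::RSA.new(File.read(path))]
end

# Walk through a first run inside dir, which plays the role of /etc/chef.
def first_run(dir)
  client_pem = File.join(dir, "client.pem")
  validation_pem = File.join(dir, "validation.pem")
  validator = OpenSSL::PKey::RSA.new(2048)           # constructed validator key
  File.write(validation_pem, validator.to_pem)
  server = ChefServerStub.new(validator.public_key)

  first, key = select_key(client_pem, validation_pem)  # no client.pem yet
  File.write(client_pem, server.register("node1", "register node1",
                                         key.sign(OpenSSL::Digest.new(DIGEST), "register node1")))

  second, key = select_key(client_pem, validation_pem) # client.pem now wins
  sig = key.sign(OpenSSL::Digest.new(DIGEST), "GET /nodes/node1")
  { first: first, second: second,
    ok: server.verify("node1", "GET /nodes/node1", sig),
    tampered: server.verify("node1", "GET /nodes/other", sig) }
end
```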