cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Kinsella <>
Subject Re: [DISCUSS] Changing the way password reset works, or allowing the cloud-init way
Date Wed, 27 Aug 2014 16:08:33 GMT
SSL - maybe we could use the same SSL cert used for the CP and secure download? Feels a little
sketchy at first thought but might be an improvement...


On Aug 26, 2014, at 5:51 PM, Chiradeep Vittal <> wrote:

> The current design is “OK”, not great. Looking for suggestions to make it more secure.
>  *   HTTPS
>  *   Client authentication
> Another idea might be to attach a volume to the VM with the password, but hot plug detection
varies widely from OS/Hypervisor combinations.
> HTTP(s) is the lowest common denominator, but it has some trade-offs.
> From: John Kinsella <<>>
> Reply-To: "<>" <<>>
> Date: Tuesday, August 26, 2014 at 4:04 PM
> To: "<>" <<>>
> Subject: Re: [DISCUSS] Changing the way password reset works, or allowing the cloud-init
> On Aug 26, 2014, at 1:34 PM, Erik Weber <<>>
> If I understand correctly, we currently deploy a web server on port 8080 on
> Slight correction: A processes on the VR listens on port 8080, and hands any connections
to a UNIX script. Calling it a "web server" is way too kind.
> Also, you’re just looking at the unix use-case. The Windows agent is close sourced
the last I checked.
> Cloud-init doesn’t feel like the best solution, as the one good thing the current setup
does is remove the password from the VR after it’s fetched.
> Thought there was a bug filed on this, but I don’t see it?

View raw message