cloudstack-dev mailing list archives

From John Kinsella <...@stratosec.co>
Subject Re: [DISCUSS] Changing the way password reset works, or allowing the cloud-init way
Date Wed, 27 Aug 2014 16:08:33 GMT
SSL - maybe we could use the same SSL cert used for the CP and secure download? Feels a little
sketchy at first thought but might be an improvement...

John

On Aug 26, 2014, at 5:51 PM, Chiradeep Vittal <Chiradeep.Vittal@citrix.com> wrote:

> The current design is “OK”, not great. Looking for suggestions to make it more secure. E.g.:
> 
>  *   HTTPS
>  *   Client authentication
> 
> Another idea might be to attach a volume to the VM with the password, but hot plug detection varies widely across OS/Hypervisor combinations.
> HTTP(s) is the lowest common denominator, but it has some trade-offs.
> 
> From: John Kinsella <jlk@stratosec.co>
> Reply-To: "dev@cloudstack.apache.org" <dev@cloudstack.apache.org>
> Date: Tuesday, August 26, 2014 at 4:04 PM
> To: "dev@cloudstack.apache.org" <dev@cloudstack.apache.org>
> Subject: Re: [DISCUSS] Changing the way password reset works, or allowing the cloud-init way
> 
> 
> On Aug 26, 2014, at 1:34 PM, Erik Weber <terbolous@gmail.com> wrote:
> > If I understand correctly, we currently deploy a web server on port 8080 on
> 
> Slight correction: A process on the VR listens on port 8080, and hands any connections to a UNIX script. Calling it a "web server" is way too kind.
> 
> Also, you’re just looking at the unix use-case. The Windows agent is closed source the last I checked.
> 
> Cloud-init doesn’t feel like the best solution, as the one good thing the current setup does is remove the password from the VR after it’s fetched.
> 
> Thought there was a bug filed on this, but I don’t see it?
> 
> 

