Return-Path: X-Original-To: apmail-cloudstack-dev-archive@www.apache.org Delivered-To: apmail-cloudstack-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E5CC11729F for ; Wed, 11 Mar 2015 13:41:15 +0000 (UTC) Received: (qmail 16453 invoked by uid 500); 11 Mar 2015 13:41:08 -0000 Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org Received: (qmail 16414 invoked by uid 500); 11 Mar 2015 13:41:08 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 15882 invoked by uid 99); 11 Mar 2015 13:41:07 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Mar 2015 13:41:07 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of nux@li.nux.ro designates 31.193.175.196 as permitted sender) Received: from [31.193.175.196] (HELO mailserver.lastdot.org) (31.193.175.196) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Mar 2015 13:41:03 +0000 Received: from localhost (localhost [IPv6:::1]) by mailserver.lastdot.org (Postfix) with ESMTP id C42FA2E4B20 for ; Wed, 11 Mar 2015 13:40:00 +0000 (GMT) Received: from mailserver.lastdot.org ([IPv6:::1]) by localhost (mailserver.lastdot.org [IPv6:::1]) (amavisd-new, port 10032) with ESMTP id hX_k46DOzYer for ; Wed, 11 Mar 2015 13:39:53 +0000 (GMT) Received: from localhost (localhost [IPv6:::1]) by mailserver.lastdot.org (Postfix) with ESMTP id B9FC12E4B21 for ; Wed, 11 Mar 2015 13:39:53 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.9.2 mailserver.lastdot.org B9FC12E4B21 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=li.nux.ro; s=C605E3A6-F3C6-11E3-AEB0-DFF9218DCAC4; t=1426081193; bh=MRgeELEmDL+ymvRVln2fcjLq4ZlfCLTL+U9hTVzax5A=; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type: Content-Transfer-Encoding; b=SxbwbdM0IsytOyfXPBZMioL228LaGO7nRYv8ChkaS0GbeUNZyDtPKdKvF8vGfCNwU lCq17WocfHjG/TwnHEv2X5bdmE1gnHudau+nWe7wB0WqG0SS/QwtpjkIAe1kq8wyK9 DHcADQY0f9lxg/WFMBkQ5R5IUL/awjvD1gFW45h4= X-Virus-Scanned: amavisd-new at mailserver.lastdot.org Received: from mailserver.lastdot.org ([IPv6:::1]) by localhost (mailserver.lastdot.org [IPv6:::1]) (amavisd-new, port 10026) with ESMTP id 2c6LnUgj8y-8 for ; Wed, 11 Mar 2015 13:39:53 +0000 (GMT) Received: from mailserver.lastdot.org (mailserver.lastdot.org [31.193.175.196]) by mailserver.lastdot.org (Postfix) with ESMTP id 8889F2E4B20 for ; Wed, 11 Mar 2015 13:39:53 +0000 (GMT) Date: Wed, 11 Mar 2015 13:39:53 +0000 (GMT) From: Nux! To: dev@cloudstack.apache.org Message-ID: <795506513.5253.1426081193106.JavaMail.zimbra@li.nux.ro> In-Reply-To: <55004005.9040103@widodh.nl> References: <54FFF820.90708@shapeblue.com> <991920344.5166.1426079394252.JavaMail.zimbra@li.nux.ro> <55004005.9040103@widodh.nl> Subject: Re: [DISCUSS] VR Password server improvement and expiring MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Mailer: Zimbra 8.6.0_GA_1153 (ZimbraWebClient - FF36 (Linux)/8.6.0_GA_1153) Thread-Topic: VR Password server improvement and expiring Thread-Index: Mh2ni+nhTfhg64Qu7MNAAAI7/cS73w== X-Virus-Checked: Checked by ClamAV on apache.org Hi Wido, >> If a guest has confirmed the password was retrieved delete it >> straight away. I am not sure this is what you asked. :) >> > > How would the guest confirm? Merely retrieving it doesn't guarantee > that the client was able to set it. > > I'd say keep if for 15 minutes, so that the guest can try a couple of > times before we expire the password. Nothing against keeping the password around for a few more minutes or hours. Looking at this password script[1] for example, it looks like the guest can confirm that password was successfully retrieved and set like this: wget -t 3 -T 20 -O - --header "DomU_Request: saved_password" $PASSWORD_SERVER_IP:8080 [1] - https://raw.githubusercontent.com/shankerbalan/cloudstack-scripts/master/archlinux/cloudstack-set-guest-password