cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-10381) [ConfigDrive] Password is missing after reset password sequence
Date Fri, 08 Jun 2018 18:42:00 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-10381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16506435#comment-16506435
] 

ASF GitHub Bot commented on CLOUDSTACK-10381:
---------------------------------------------

PaulAngus commented on issue #2705: CLOUDSTACK-10381: Fix password reset / reset ssh key with
ConfigDrive
URL: https://github.com/apache/cloudstack/pull/2705#issuecomment-395852094
 
 
   From what i read, it looks to me like you're using the standard encryption algorithm to
store the users' password - I would be quite strongly opposed to storing these passwords (and
i think that people would have compliance issues) outside of a proper 'vault'.
   
   I'd also ask if the password is removed from the config drive once a VM has booted.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> [ConfigDrive] Password is missing after reset password sequence
> ---------------------------------------------------------------
>
>                 Key: CLOUDSTACK-10381
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10381
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.11.1.0
>            Reporter: Frank Maximus
>            Priority: Blocker
>
> Failing Scenario:
> {quote}*Given* a network offering specifying ConfigDrive as UserData provider
> *And* a network using this offering
> *And* a VM in this network
> *When* I stop the VM
> *and* I reset the password of the VM
> *and* I start the VM
> *Then* I can login with the password returned by the reset password api call
> *And* the password is found on the config drive disk.
> {quote}
> Actual behavior:
> {quote}Password file is missing on config drive disk.
> Password of root on the VM didn't change
> {quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message