cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Kluge <Kevin.Kl...@citrix.com>
Subject RE: Why isn't md5 encryption needed for host passwords?
Date Sat, 23 Jun 2012 00:10:21 GMT
The CloudStack has to present the cleartext password to authenticate the management server
to the hypervisor in some cases.   Encryption could be done on transport (and is done when
the password is stored), but not a one-way hash.   Use of https is obviously recommended.

-kevin

> -----Original Message-----
> From: Evan Miller [mailto:Evan.Miller@citrix.com]
> Sent: Friday, June 22, 2012 3:10 PM
> To: cloudstack-users@incubator.apache.org
> Subject: Why isn't md5 encryption needed for host passwords?
> 
> Running CloudStack Management Server:
> 
>   v3.0.1.1
> 
> OS:
> 
>   [root@cumulus management]# uname -a
> 
>   Linux cumulus.eng.citrite.net 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6
> 19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux
> 
>   [root@cumulus management]#
> 
> 
> 
> Hi:
> 
> 
> I just noticed from the API that it isn't required to md5 encrypt passwords
> when adding hosts.
> 
> Is this by design or is there intent in the future to require the same
> encryption as is used when creating user accounts?
> 
> 
> Regards,
> 
> Evan Miller
> 
> 
> 
> Citrix Systems. Inc.
> 
> Desktop and Cloud Engineering Infrastructure
> 
> 4988 Great America Parkway
> 
> Santa Clara, CA 95054


Mime
View raw message