The CloudStack has to present the cleartext password to authenticate the management server to the hypervisor in some cases. Encryption could be done on transport (and is done when the password is stored), but not a one-way hash. Use of https is obviously recommended.
-kevin > -----Original Message----- > From: Evan Miller [mailto:[email protected]] > Sent: Friday, June 22, 2012 3:10 PM > To: [email protected] > Subject: Why isn't md5 encryption needed for host passwords? > > Running CloudStack Management Server: > > v3.0.1.1 > > OS: > > [root@cumulus management]# uname -a > > Linux cumulus.eng.citrite.net 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6 > 19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux > > [root@cumulus management]# > > > > Hi: > > > I just noticed from the API that it isn't required to md5 encrypt passwords > when adding hosts. > > Is this by design or is there intent in the future to require the same > encryption as is used when creating user accounts? > > > Regards, > > Evan Miller > > > > Citrix Systems. Inc. > > Desktop and Cloud Engineering Infrastructure > > 4988 Great America Parkway > > Santa Clara, CA 95054
