SSL - maybe we could use the same SSL cert used for the CP and secure download? Feels a little sketchy at first thought but might be an improvement...
John

On Aug 26, 2014, at 5:51 PM, Chiradeep Vittal <[email protected]> wrote:

> The current design is “OK”, not great. Looking for suggestions to make it more secure. E.g.,:
>
> * HTTPS
> * Client authentication
>
> Another idea might be to attach a volume to the VM with the password, but hot plug detection varies widely from OS/Hypervisor combinations.
> HTTP(s) is the lowest common denominator, but it has some trade-offs.
>
> From: John Kinsella <[email protected]>
> Reply-To: "[email protected]" <[email protected]>
> Date: Tuesday, August 26, 2014 at 4:04 PM
> To: "[email protected]" <[email protected]>
> Subject: Re: [DISCUSS] Changing the way password reset works, or allowing the cloud-init way
>
>
> On Aug 26, 2014, at 1:34 PM, Erik Weber <[email protected]> wrote:
> If I understand correctly, we currently deploy a web server on port 8080 on
>
> Slight correction: A process on the VR listens on port 8080, and hands any connections to a UNIX script. Calling it a "web server" is way too kind.
>
> Also, you’re just looking at the unix use-case. The Windows agent is closed source the last I checked.
>
> Cloud-init doesn’t feel like the best solution, as the one good thing the current setup does is remove the password from the VR after it’s fetched.
>
> Thought there was a bug filed on this, but I don’t see it?
