Re: [Openstack] Keyring support in openstack

2012-08-23 Thread Scott Moser
On Sat, 28 Jul 2012, Bhuvaneswaran A wrote: Team, As per patch https://review.openstack.org/#/c/9497/ we are adding keyring support for openstack client. If password is not specified in command line or environment variable, the user is prompted to enter password. During this time

Re: [Openstack] Keyring support in openstack

2012-08-23 Thread Vishvananda Ishaya
On Aug 23, 2012, at 7:10 AM, Scott Moser smo...@ubuntu.com wrote: I haven' tried this specifically for the openstack client, but when this went into nova, it annoyed me, as I started having to give a password on remote systems every time. For the devstack instances I was working on, I

Re: [Openstack] Keyring support in openstack

2012-08-23 Thread Bhuvaneswaran A
On Thu, Aug 23, 2012 at 7:10 AM, Scott Moser smo...@ubuntu.com wrote: . [backend] default-keyring=keyring.backend.UncryptedFileKeyring keyring-path=/home/ubuntu/xxx # this is ignored As you might already know, the keyring.backend.UncryptedFileKeyring will store the password as in base64

Re: [Openstack] Keyring support in openstack

2012-08-22 Thread Bhuvaneswaran A
On Mon, Jul 30, 2012 at 5:48 PM, Adam Young ayo...@redhat.com wrote: On 07/30/2012 06:00 PM, Doug Hellmann wrote: On Mon, Jul 30, 2012 at 5:30 PM, Adam Young ayo...@redhat.com wrote: On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote: On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A

Re: [Openstack] Keyring support in openstack

2012-08-22 Thread Bhuvaneswaran A
On Mon, Jul 30, 2012 at 2:30 PM, Doug Hellmann doug.hellm...@dreamhost.comwrote: On Mon, Jul 30, 2012 at 4:51 PM, Bhuvaneswaran A bhu...@apache.orgwrote: On Mon, Jul 30, 2012 at 7:46 AM, David Kranz david.kr...@qrclab.com wrote: I share Doug's concerns but would state some more strongly.

Re: [Openstack] Keyring support in openstack

2012-08-22 Thread Joshua Harlow
Date: Wednesday, August 22, 2012 4:15 PM To: Adam Young ayo...@redhat.commailto:ayo...@redhat.com Cc: openstack openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net Subject: Re: [Openstack] Keyring support in openstack On Mon, Jul 30, 2012 at 5:48 PM, Adam Young ayo

Re: [Openstack] Keyring support in openstack

2012-08-22 Thread Adam Young
On 08/22/2012 07:15 PM, Bhuvaneswaran A wrote: On Mon, Jul 30, 2012 at 5:48 PM, Adam Young ayo...@redhat.com mailto:ayo...@redhat.com wrote: On 07/30/2012 06:00 PM, Doug Hellmann wrote: On Mon, Jul 30, 2012 at 5:30 PM, Adam Young ayo...@redhat.com mailto:ayo...@redhat.com

Re: [Openstack] Keyring support in openstack

2012-07-31 Thread Sandy Walsh
@lists.launchpad.net Subject: Re: [Openstack] Keyring support in openstack On Mon, Jul 30, 2012 at 6:31 AM, Doug Hellmann doug.hellm...@dreamhost.com wrote: You've already answered several of my questions on the ticket, but I still have some usability concerns. How does the keyring system support

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Doug Hellmann
On Sun, Jul 29, 2012 at 1:37 AM, Bhuvaneswaran A bhu...@apache.org wrote: Team, As per patch https://review.openstack.org/#/c/9497/ we are adding keyring support for openstack client. If password is not specified in command line or environment variable, the user is prompted to enter

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread David Kranz
it. -David On 7/30/2012 9:31 AM, Doug Hellmann wrote: On Sun, Jul 29, 2012 at 1:37 AM, Bhuvaneswaran A bhu...@apache.org mailto:bhu...@apache.org wrote: Team, As per patch https://review.openstack.org/#/c/9497/ we are adding keyring support for openstack client. If password

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Bhuvaneswaran A
On Mon, Jul 30, 2012 at 6:31 AM, Doug Hellmann doug.hellm...@dreamhost.com wrote: You've already answered several of my questions on the ticket, but I still have some usability concerns. How does the keyring system support a single person logging in using multiple user accounts? For example,

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Bhuvaneswaran A
On Mon, Jul 30, 2012 at 7:46 AM, David Kranz david.kr...@qrclab.com wrote: I share Doug's concerns but would state some more strongly. IMO, it is simply unacceptable to modify user-visible behavior based on whether some package that happens to be used in an implementation is installed or not.

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Matt Joyce
I like making it optional with a default of off. At least for now. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help :

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Kevin L. Mitchell
On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote: The wiki mentions the password being saved using keyring.backend.UncryptedFileKeyring. Does that mean the password is saved in cleartext? Is the file protected in some way besides filesystem permissions? As mentioned in wiki

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Doug Hellmann
On Mon, Jul 30, 2012 at 4:50 PM, Bhuvaneswaran A bhu...@apache.org wrote: On Mon, Jul 30, 2012 at 6:31 AM, Doug Hellmann doug.hellm...@dreamhost.com wrote: You've already answered several of my questions on the ticket, but I still have some usability concerns. How does the keyring

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Adam Young
On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote: On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote: The wiki mentions the password being saved using keyring.backend.UncryptedFileKeyring. Does that mean the password is saved in cleartext? Is the file protected in some way besides

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Doug Hellmann
On Mon, Jul 30, 2012 at 4:51 PM, Bhuvaneswaran A bhu...@apache.org wrote: On Mon, Jul 30, 2012 at 7:46 AM, David Kranz david.kr...@qrclab.com wrote: I share Doug's concerns but would state some more strongly. IMO, it is simply unacceptable to modify user-visible behavior based on whether

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Doug Hellmann
On Mon, Jul 30, 2012 at 5:30 PM, Adam Young ayo...@redhat.com wrote: On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote: On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote: The wiki mentions the password being saved using keyring.backend.**UncryptedFileKeyring. Does that mean the

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Adam Young
On 07/30/2012 06:00 PM, Doug Hellmann wrote: On Mon, Jul 30, 2012 at 5:30 PM, Adam Young ayo...@redhat.com mailto:ayo...@redhat.com wrote: On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote: On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote: The wiki

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Bhuvaneswaran A
Doug and Team, I tweaked the patch to incorporate the review comments. I've included an abstract class for keyring, specific to openstack openstackkeyring. The class is used to store encrypted password in keyring, without prompting for keyring password. The password is encrypted using AES

[Openstack] Keyring support in openstack

2012-07-28 Thread Bhuvaneswaran A
Team, As per patch https://review.openstack.org/#/c/9497/ we are adding keyring support for openstack client. If password is not specified in command line or environment variable, the user is prompted to enter password. During this time, the password is stored in keyring. During next time