Re: [Openstack] Keyring support in openstack

2012-08-23 Thread Bhuvaneswaran A
On Thu, Aug 23, 2012 at 7:10 AM, Scott Moser wrote: > . > [backend] > default-keyring=keyring.backend.UncryptedFileKeyring > keyring-path=/home/ubuntu/xxx # this is ignored > As you might already know, the keyring.backend.UncryptedFileKeyring will store the password as in base64 format. If you a

Re: [Openstack] Keyring support in openstack

2012-08-23 Thread Vishvananda Ishaya
On Aug 23, 2012, at 7:10 AM, Scott Moser wrote: > I haven' tried this specifically for the openstack client, but when this > went into nova, it annoyed me, as I started having to give a password on > remote systems every time. For the devstack instances I was working on, I > honestly couldn't c

Re: [Openstack] Keyring support in openstack

2012-08-23 Thread Scott Moser
On Sat, 28 Jul 2012, Bhuvaneswaran A wrote: > Team, > > As per patch https://review.openstack.org/#/c/9497/ we are adding > keyring support for "openstack" client. If password is not specified > in command line or environment variable, the user is prompted to enter > password. During this time, t

Re: [Openstack] Keyring support in openstack

2012-08-22 Thread Adam Young
On 08/22/2012 07:15 PM, Bhuvaneswaran A wrote: On Mon, Jul 30, 2012 at 5:48 PM, Adam Young > wrote: On 07/30/2012 06:00 PM, Doug Hellmann wrote: On Mon, Jul 30, 2012 at 5:30 PM, Adam Young mailto:ayo...@redhat.com>> wrote: On 07/30/2012 05:17 PM,

Re: [Openstack] Keyring support in openstack

2012-08-22 Thread Joshua Harlow
nesday, August 22, 2012 4:15 PM To: Adam Young mailto:ayo...@redhat.com>> Cc: openstack mailto:openstack@lists.launchpad.net>> Subject: Re: [Openstack] Keyring support in openstack On Mon, Jul 30, 2012 at 5:48 PM, Adam Young mailto:ayo...@redhat.com>> wrote: On 07/30/2012

Re: [Openstack] Keyring support in openstack

2012-08-22 Thread Bhuvaneswaran A
On Mon, Jul 30, 2012 at 2:30 PM, Doug Hellmann wrote: > > > On Mon, Jul 30, 2012 at 4:51 PM, Bhuvaneswaran A wrote: > >> On Mon, Jul 30, 2012 at 7:46 AM, David Kranz >> wrote: >> > I share Doug's concerns but would state some more strongly. IMO, it is >> > simply unacceptable to modify user-visib

Re: [Openstack] Keyring support in openstack

2012-08-22 Thread Bhuvaneswaran A
On Mon, Jul 30, 2012 at 5:48 PM, Adam Young wrote: > On 07/30/2012 06:00 PM, Doug Hellmann wrote: > > > > On Mon, Jul 30, 2012 at 5:30 PM, Adam Young wrote: > >> On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote: >> >>> On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote: >>> The wiki

Re: [Openstack] Keyring support in openstack

2012-07-31 Thread Sandy Walsh
openstack@lists.launchpad.net Subject: Re: [Openstack] Keyring support in openstack On Mon, Jul 30, 2012 at 6:31 AM, Doug Hellmann wrote: > You've already answered several of my questions on the ticket, but I still > have some "usability" concerns. > > How does the k

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Bhuvaneswaran A
Doug and Team, I tweaked the patch to incorporate the review comments. I've included an abstract class for keyring, specific to openstack "openstackkeyring". The class is used to store encrypted password in keyring, without prompting for keyring password. The password is encrypted using AES algorit

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Adam Young
On 07/30/2012 06:00 PM, Doug Hellmann wrote: On Mon, Jul 30, 2012 at 5:30 PM, Adam Young > wrote: On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote: On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote: The wiki mentions the password b

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Matt Joyce
I thought so until I read that security vulnerability report the other day =P On Mon, Jul 30, 2012 at 3:00 PM, Doug Hellmann wrote: > > > On Mon, Jul 30, 2012 at 5:30 PM, Adam Young wrote: > >> On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote: >> >>> On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswar

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Doug Hellmann
On Mon, Jul 30, 2012 at 5:30 PM, Adam Young wrote: > On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote: > >> On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote: >> >>> The wiki mentions the password being saved using keyring.backend.**UncryptedFileKeyring. Does that mean the password is

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Doug Hellmann
On Mon, Jul 30, 2012 at 4:51 PM, Bhuvaneswaran A wrote: > On Mon, Jul 30, 2012 at 7:46 AM, David Kranz > wrote: > > I share Doug's concerns but would state some more strongly. IMO, it is > > simply unacceptable to modify user-visible behavior based on whether some > > package that happens to be

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Adam Young
On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote: On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote: The wiki mentions the password being saved using keyring.backend.UncryptedFileKeyring. Does that mean the password is saved in cleartext? Is the file protected in some way besides filesys

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Doug Hellmann
On Mon, Jul 30, 2012 at 4:50 PM, Bhuvaneswaran A wrote: > On Mon, Jul 30, 2012 at 6:31 AM, Doug Hellmann > wrote: > > > You've already answered several of my questions on the ticket, but I > still > > have some "usability" concerns. > > > > How does the keyring system support a single person log

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Kevin L. Mitchell
On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote: > > The wiki mentions the password being saved using > > keyring.backend.UncryptedFileKeyring. Does that mean the password is > saved > > in cleartext? Is the file protected in some way besides filesystem > > permissions? > > As mentioned i

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Matt Joyce
I like making it optional with a default of off. At least for now. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/List

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Bhuvaneswaran A
On Mon, Jul 30, 2012 at 7:46 AM, David Kranz wrote: > I share Doug's concerns but would state some more strongly. IMO, it is > simply unacceptable to modify user-visible behavior based on whether some > package that happens to be used in an implementation is installed or not. > This package is ins

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Bhuvaneswaran A
On Mon, Jul 30, 2012 at 6:31 AM, Doug Hellmann wrote: > You've already answered several of my questions on the ticket, but I still > have some "usability" concerns. > > How does the keyring system support a single person logging in using > multiple user accounts? For example, if I have an admin a

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread David Kranz
I share Doug's concerns but would state some more strongly. IMO, it is simply unacceptable to modify user-visible behavior based on whether some package that happens to be used in an implementation is installed or not. This package is installed on Ubuntu by default and may be used by other appl

Re: [Openstack] Keyring support in openstack

2012-07-30 Thread Doug Hellmann
On Sun, Jul 29, 2012 at 1:37 AM, Bhuvaneswaran A wrote: > Team, > > As per patch https://review.openstack.org/#/c/9497/ we are adding > keyring support for "openstack" client. If password is not specified > in command line or environment variable, the user is prompted to enter > password. During

[Openstack] Keyring support in openstack

2012-07-28 Thread Bhuvaneswaran A
Team, As per patch https://review.openstack.org/#/c/9497/ we are adding keyring support for "openstack" client. If password is not specified in command line or environment variable, the user is prompted to enter password. During this time, the password is stored in keyring. During next time, the