----- Original Message ----- > From: "Sven Kieske" <[email protected]> > To: "Alon Bar-Lev" <[email protected]> > Cc: "[email protected] List" <[email protected]> > Sent: Wednesday, March 19, 2014 2:27:13 PM > Subject: Re: [Users] changing the password of the ovirt root ca > > I'm sorry, but I'm not sure if I understand you correctly. > > What I want to do, is to change the password which protects > > the Certificate Authority which gets created during engine setup. > > I thought this root CA Key is protected by a passphrase, which was > > created during engine-setup. > > Is this not the case? > > As far as I understand your answer you are telling me there is > no password protecting the private key which secures the CA > and all programs which use it are just secured through > file permission ACLs? > > Please correct me where I'm wrong.
No you are not wrong, there is a static password which equals to no password. Key is protected by filesystem ACL. Having a password generated each setup will require to store this password on filesystem, which result in same level of security. > > Thanks in advance > > Am 19.03.2014 11:40, schrieb Alon Bar-Lev: > > Well... yes... it is used by all components that access the file. > > The system ACL is what actually protects it, or we need to add a parameter > > to all programs that use this file, and engine need this before it > > starts... so only manual startup will be supported. > > -- > Mit freundlichen Grüßen / Regards > > Sven Kieske > > Systemadministrator > Mittwald CM Service GmbH & Co. KG > Königsberger Straße 6 > 32339 Espelkamp > T: +49-5772-293-100 > F: +49-5772-293-333 > https://www.mittwald.de > Geschäftsführer: Robert Meyer > St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen > Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
