Hi,
This bug is no longer relevant following the fix for
https://code.launchpad.net/bugs/1215352
(https://review.openstack.org/#/c/43268/).
If passwords are to be used for VNC then these should be generated per
instance. This is not something that is specific to VMware and should maybe be
dealt with across open stack.
Thanks
Gary
** Changed in: nova
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1216035
Title:
vmwareapi drivers should not set passwords in global config
Status in OpenStack Compute (Nova):
Invalid
Bug description:
The use of a globally configured VNC password sets the VNC password
for an entire cloud. That means if one tenant knows the VNC password,
they know the VNC password for all tenants. This creates an illusion
of security that is more harmful than acknowledging that there is no
security in the VNC traffic itself. We should therefore remove the VNC
global configuration.
Possible other steps to be covered in a separate bug/blueprint:
* allow per instance passwords
* allow per tenant passwords
* allow strong security options using strong crypto between VNC proxy and ESX
hypervisor
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1216035/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
