Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-05-02 Thread Jonathan Proulx
On Mon, May 02, 2016 at 11:41:58AM -0700, Morgan Fainberg wrote: :On Mon, May 2, 2016 at 11:32 AM, Adam Young wrote: :> Kerberos would work, too, for deployments that prefer that form of :> Authentication. We can document this, but do not need to implement. :> :> :Never hurts to have alternative

Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-05-02 Thread Morgan Fainberg
On Mon, May 2, 2016 at 11:32 AM, Adam Young wrote: > On 04/26/2016 08:28 AM, Guangyu Suo wrote: > > Hello, oslo team > > For now, some sensitive options like password or token are configured as > plaintext, anyone who has the privilege to read the configure file can get > the real password, this

Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-05-02 Thread Morgan Fainberg
On Tue, Apr 26, 2016 at 4:25 PM, Guangyu Suo wrote: > I think there is a little misunderstanding over here, the key point about > this problem is that you store your password as *plaintext* in the > configuration file, maybe this password is also the password of many other > systems. You can't st

Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-05-02 Thread Adam Young
On 04/26/2016 08:28 AM, Guangyu Suo wrote: Hello, oslo team For now, some sensitive options like password or token are configured as plaintext, anyone who has the privilege to read the configure file can get the real password, this may be a security problem that can't be unacceptable for som

Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-04-26 Thread Guangyu Suo
I think there is a little misunderstanding over here, the key point about this problem is that you store your password as *plaintext* in the configuration file, maybe this password is also the password of many other systems. You can't stop the right person to do the right thing, if someone gets the

Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-04-26 Thread Doug Hellmann
Excerpts from Morgan Fainberg's message of 2016-04-26 10:17:30 -0500: > On Tue, Apr 26, 2016 at 9:24 AM, Jordan Pittier > wrote: > > > > > > > On Tue, Apr 26, 2016 at 3:32 PM, Daniel P. Berrange > > wrote: > > > >> On Tue, Apr 26, 2016 at 08:19:23AM -0500, Doug Hellmann wrote: > >> > Excerpts fr

Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-04-26 Thread Morgan Fainberg
On Tue, Apr 26, 2016 at 10:57 AM, Joshua Harlow wrote: > Daniel P. Berrange wrote: > >> On Tue, Apr 26, 2016 at 08:19:23AM -0500, Doug Hellmann wrote: >> >>> Excerpts from Guangyu Suo's message of 2016-04-26 07:28:42 -0500: >>> Hello, oslo team For now, some sensitive options like

Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-04-26 Thread Guangyu Suo
2016-04-26 10:33 GMT-05:00 Daniel P. Berrange : > On Tue, Apr 26, 2016 at 04:24:52PM +0200, Jordan Pittier wrote: > > On Tue, Apr 26, 2016 at 3:32 PM, Daniel P. Berrange > > > wrote: > > > > > On Tue, Apr 26, 2016 at 08:19:23AM -0500, Doug Hellmann wrote: > > > > Excerpts from Guangyu Suo's messa

Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-04-26 Thread Darren J Moffat
On 04/26/16 16:33, Daniel P. Berrange wrote: There is already barbican which could potentially fill that role: "Barbican is a REST API designed for the secure storage, provisioning and management of secrets such as passwords, encryption keys and X.509 Certificates." [1] On startup

Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-04-26 Thread Mike Bayer
On 04/26/2016 09:32 AM, Daniel P. Berrange wrote: IMHO encrypting oslo config files is addressing the wrong problem. Rather than having sensitive passwords stored in the main config files, we should have them stored completely separately by a secure password manager of some kind. The config fi

Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-04-26 Thread Joshua Harlow
Daniel P. Berrange wrote: On Tue, Apr 26, 2016 at 08:19:23AM -0500, Doug Hellmann wrote: Excerpts from Guangyu Suo's message of 2016-04-26 07:28:42 -0500: Hello, oslo team For now, some sensitive options like password or token are configured as plaintext, anyone who has the privilege to read

Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-04-26 Thread Daniel P. Berrange
On Tue, Apr 26, 2016 at 04:24:52PM +0200, Jordan Pittier wrote: > On Tue, Apr 26, 2016 at 3:32 PM, Daniel P. Berrange > wrote: > > > On Tue, Apr 26, 2016 at 08:19:23AM -0500, Doug Hellmann wrote: > > > Excerpts from Guangyu Suo's message of 2016-04-26 07:28:42 -0500: > > > > Hello, oslo team > >

Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-04-26 Thread Morgan Fainberg
On Tue, Apr 26, 2016 at 9:24 AM, Jordan Pittier wrote: > > > On Tue, Apr 26, 2016 at 3:32 PM, Daniel P. Berrange > wrote: > >> On Tue, Apr 26, 2016 at 08:19:23AM -0500, Doug Hellmann wrote: >> > Excerpts from Guangyu Suo's message of 2016-04-26 07:28:42 -0500: >> > > Hello, oslo team >> > > >> >

Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-04-26 Thread Jordan Pittier
On Tue, Apr 26, 2016 at 3:32 PM, Daniel P. Berrange wrote: > On Tue, Apr 26, 2016 at 08:19:23AM -0500, Doug Hellmann wrote: > > Excerpts from Guangyu Suo's message of 2016-04-26 07:28:42 -0500: > > > Hello, oslo team > > > > > > For now, some sensitive options like password or token are configure

Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-04-26 Thread Daniel P. Berrange
On Tue, Apr 26, 2016 at 08:19:23AM -0500, Doug Hellmann wrote: > Excerpts from Guangyu Suo's message of 2016-04-26 07:28:42 -0500: > > Hello, oslo team > > > > For now, some sensitive options like password or token are configured as > > plaintext, anyone who has the privilege to read the configur

Re: [openstack-dev] [oslo.config] Encrypt the sensitive options

2016-04-26 Thread Doug Hellmann
Excerpts from Guangyu Suo's message of 2016-04-26 07:28:42 -0500: > Hello, oslo team > > For now, some sensitive options like password or token are configured as > plaintext, anyone who has the privilege to read the configure file can get > the real password, this may be a security problem that c

[openstack-dev] [oslo.config] Encrypt the sensitive options

2016-04-26 Thread Guangyu Suo
Hello, oslo team For now, some sensitive options like password or token are configured as plaintext, anyone who has the privilege to read the configure file can get the real password, this may be a security problem that can't be unacceptable for some people. So the first solution comes to my min