yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1216035] Re: vmwareapi drivers should not set passwords in global config

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Gary Kotton <1216035@xxxxxxxxxxxxxxxxxx>
Date: Mon, 26 Aug 2013 07:27:45 -0000
Reply-to: Bug 1216035 <1216035@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hi,
This bug is no longer relevant following the fix for https://code.launchpad.net/bugs/1215352 (https://review.openstack.org/#/c/43268/).
If passwords are to be used for VNC then these should be generated per instance. This is not something that is specific to VMware and should maybe be dealt with across open stack.
Thanks
Gary

** Changed in: nova
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1216035

Title:
  vmwareapi drivers should not set passwords in global config

Status in OpenStack Compute (Nova):
  Invalid

Bug description:
  The use of a globally configured VNC password sets the VNC password
  for an entire cloud. That means if one tenant knows the VNC password,
  they know the VNC password for all tenants. This creates an illusion
  of security that is more harmful than acknowledging that there is no
  security in the VNC traffic itself. We should therefore remove the VNC
  global configuration.

  Possible other steps to be covered in a separate bug/blueprint:
  * allow per instance passwords
  * allow per tenant passwords
  * allow strong security options using strong crypto between VNC proxy and ESX hypervisor

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1216035/+subscriptions