yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1291006] [NEW] Clear text admin password assignment in instance creation should be disabled

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Alessandro Pilotti <1291006@xxxxxxxxxxxxxxxxxx>
Date: Tue, 11 Mar 2014 19:08:30 -0000
Reply-to: Bug 1291006 <1291006@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

The clear text admin password management available in the instance
creation "security" tab should be removed as it has been superseded in
both Nova and Horizon by an encrypted password management.

Nova blueprint (Grizzly): https://blueprints.launchpad.net/nova/+spec/get-password
Horizon blueprint (Icehouse): https://blueprints.launchpad.net/horizon/+spec/decrypt-and-display-vm-generated-password

Since this feature is now available in Horizon as well, providing an
option for the users to specify the password is both misleading and non
secure.

Furthermore, the "old"way of providing a clear text passwords works only
on selected hypervisors and it does not work for Windows guests, which
represent at the moment the main use case since SSH keypair
authentication does not apply

** Affects: horizon
     Importance: Undecided
     Assignee: Alessandro Pilotti (alexpilotti)
         Status: New

** Changed in: horizon
     Assignee: (unassigned) => Alessandro Pilotti (alexpilotti)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1291006

Title:
  Clear text admin password assignment in instance creation should be
  disabled

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  The clear text admin password management available in the instance
  creation "security" tab should be removed as it has been superseded in
  both Nova and Horizon by an encrypted password management.

  Nova blueprint (Grizzly): https://blueprints.launchpad.net/nova/+spec/get-password
  Horizon blueprint (Icehouse): https://blueprints.launchpad.net/horizon/+spec/decrypt-and-display-vm-generated-password

  Since this feature is now available in Horizon as well, providing an
  option for the users to specify the password is both misleading and
  non secure.

  Furthermore, the "old"way of providing a clear text passwords works
  only on selected hypervisors and it does not work for Windows guests,
  which represent at the moment the main use case since SSH keypair
  authentication does not apply

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1291006/+subscriptions

Follow ups

[Bug 1291006] Re: Clear text admin password assignment in instance creation should be disabled
From: Thierry Carrez, 2014-03-31
[Bug 1291006] [NEW] Clear text admin password assignment in instance creation should be disabled
From: Alessandro Pilotti, 2014-03-11

References

[Bug 1291006] [NEW] Clear text admin password assignment in instance creation should be disabled
From: Alessandro Pilotti, 2014-03-11