-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 03/11/2015 05:17 PM, Rohit Yadav wrote: > Wido - Lucian is right. Once the user VM resets password, they need > to send an acknowledgement, for example: wget -t 3 -T 20 -O - > --header "DomU_Request: saved_password" $PASSWORD_SERVER_IP:8080 > This is to say that the password server can now remove the password > from its internal storage (file based). > Ah, indeed. > > Lucian - in the proposal what I meant to say was that in case a > password was sent to a user VM but the user VM does not respond > with an ack (so as to remove the password from its storage/memory) > should it expiry it after a period of say 15 mins? > > > Pierre - I would be happy to implement a SSL based http server > which is my next step though I’m not sure about the logistics of > adding the SSL scripts etc, which could be similar how it is done > for the CPVM/SSVM. The first step is to remove bash/socat based > password server with a Python based server that uses Threads > instead of Forks (so less memory intensive) and cleans up > properly. > Shall we make sure this new service listens on IPv6 as well? Let's not introduce a new IPv4-only service :-) > >> On 11-Mar-2015, at 7:09 pm, Nux! <n...@li.nux.ro> wrote: >> >> Hi Wido, >> >> >>>> If a guest has confirmed the password was retrieved delete >>>> it straight away. I am not sure this is what you asked. :) >>>> >>> >>> How would the guest confirm? Merely retrieving it doesn't >>> guarantee that the client was able to set it. >>> >>> I'd say keep if for 15 minutes, so that the guest can try a >>> couple of times before we expire the password. >> >> Nothing against keeping the password around for a few more >> minutes or hours. >> >> Looking at this password script[1] for example, it looks like the >> guest can confirm that password was successfully retrieved and >> set like this: >> >> wget -t 3 -T 20 -O - --header "DomU_Request: saved_password" >> $PASSWORD_SERVER_IP:8080 >> >> >> [1] - >> https://raw.githubusercontent.com/shankerbalan/cloudstack-scripts/master/archlinux/cloudstack-set-guest-password >> > >> > Regards, Rohit Yadav Software Architect, ShapeBlue M. +91 88 262 > 30892 | rohit.ya...@shapeblue.com Blog: bhaisaab.org | Twitter: > @_bhaisaab > > > > Find out more about ShapeBlue and our range of CloudStack related > services > > IaaS Cloud Design & > Build<http://shapeblue.com/iaas-cloud-design-and-build//> CSForge – > rapid IaaS deployment framework<http://shapeblue.com/csforge/> > CloudStack > Consulting<http://shapeblue.com/cloudstack-consultancy/> CloudStack > Software > Engineering<http://shapeblue.com/cloudstack-software-engineering/> > CloudStack Infrastructure > Support<http://shapeblue.com/cloudstack-infrastructure-support/> > CloudStack Bootcamp Training > Courses<http://shapeblue.com/cloudstack-training/> > > This email and any attachments to it may be confidential and are > intended solely for the use of the individual to whom it is > addressed. Any views or opinions expressed are solely those of the > author and do not necessarily represent those of Shape Blue Ltd or > related companies. If you are not the intended recipient of this > email, you must neither take any action based upon its contents, > nor copy or show it to anyone. Please contact the sender if you > believe you have received this email in error. Shape Blue Ltd is a > company incorporated in England & Wales. ShapeBlue Services India > LLP is a company incorporated in India and is operated under > license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is > a company incorporated in Brasil and is operated under license from > Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The > Republic of South Africa and is traded under license from Shape > Blue Ltd. ShapeBlue is a registered trademark. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVAJFwAAoJEAGbWC3bPspC++8QALGc/ggAhOTuv4YH/H5k+kdo ccUbOdRd5YDaVwuc0lqAVz1mfiCu2KWSV8dMAH60Xty3H7Yz3CtfNt2LF6EUEPs8 McorD6eR4WjmlUwjl+kl/vcyPcMgkKhQ2Im75EvTkoAhDpxeD25damqU9dOjTcZq w4njFO8Q0lJRdssAQpQhampPDY0A2Itdb3TwEOAhu+/3gQiHPUkQKi6pTJfJZVf/ yzux8yCEXup9w3VzaWU3zpc2O9VNDyuWzQkSarxvZucP3kFFfoQkiDJekg4ooijP wpN4Y6QyIy9djVKA7gh7miky5z7RZfkr8aLUi5BjOrH6Beh+wNKI5xAmCIt9rV7C +DapHEQO9P6hMzXawAoojazLuSz8X/4H6Ds7b/9/XVe8bxueDMdsk1uMDVp2Shqf UztJ4Ik/iWypReuJjEKSxx9BJq+CJHUDgUQQcdfIAv+V2s7WjHMj94bPxUbf6a48 lHTtJH4sQdwK3GLV7nN0dnpxo3lOEkQmn7sTILbKXCo5+Kx2qEKap4122CvthyT2 3WpBsEAhxDGDUKfisp1zzf+JRKnLAS/Ve5oWm9uQ+76CvbSfrl6i4NXzviPKdjfk bFklM7xaO+JY/dH0PnOA5XrBGNGAqiEczvtjWQub+gWi2k03R4tQns1maYgW1d2U 3GIjru7LyLBYMIQmudZA =a25U -----END PGP SIGNATURE-----
