I think we need the option _not_ to inject a password (e.g. if I'm on Linux and am going to use SSH private keys, or if I have another higher-security means of accessing my server) Does the API support this (yet)?
Also, I know security through obscurity isn't really security, but if we're open source, I think we must have "strong" password generation, whatever may or may not have been the case in the past. I suggest beefing up the generate_password function to make use of os.urandom (which I know isn't perfect either, but is probably secure enough for anyone willing to rely on a password) Justin On Wed, Mar 2, 2011 at 4:52 PM, Ed Leafe <e...@leafe.com> wrote: > On Mar 2, 2011, at 4:11 PM, Dan Prince wrote: > > > We created a blueprint on adding support for password generation when > creating servers. This is needed for Openstack API/Cloud Servers API v1.0 > parity. > > > > We are anxious to get this work started so if you are interested please > review the following: > > > > > https://blueprints.launchpad.net/nova/+spec/openstack-api-server-passwords > > > > http://etherpad.openstack.org/openstack-api-server-passwords > > There is a basic password generator in nova/utils.py. It returns a > combination of digits and letters to whatever length you request. There is > no pretension of being the last word in high security, but it should be > equivalent to the current default password generation in Cloud Servers. > > > > -- Ed Leafe > > > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
