On Oct 31, 2012, at 7:04 PM, Lars Kellogg-Stedman <l...@seas.harvard.edu> wrote:

> Injection via files on a configuration disk seems to me the best way
> to handle security credentials like this, because disks in many cases
> require privileges to mount on a system and the configuration script
> can delete the credentials file after processing it.

Honestly I think the entire idea of passing a password in to the instance at 
boot
time is insecure and flawed. The best idea I've heard for a secure windows 
password
is the following:

a) put a public key on the instance via metadata or config drive (for ease of 
use this could actually just be the ssh public key you normally use for logging 
into the vm).
b) have a daemon in the windows instance that:
 * generates a random password
 * sets the administrator password to the random password
 * encrypts it with the public key
 * serves the encrypted password over https on a known port (say 9999)
c) open up port (9999) in the instance's security group
d) retrieve the encrypted password and decrypt it
e) close port (9999) in the instances security group

for extra security you could use make daemon run for a certain amount of time 
on initial boot or have a a specific url on the port that stops the daemon.

If we could collaborate on a daemon that does this on the guest side then we 
could
actually create a nova command that would do all of the above and display the 
password
to the user. In fact this would work for non-windows vms as well.

nova get-password <uuid>

Vish
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Reply via email to