List: libguestfs
Subject: Re: [Libguestfs] [PATCH nbdkit] tls: Implement Pre-Shared Keys (PSK) authentication.
From: "Richard W.M. Jones" <rjones () redhat ! com>
Date: 2018-06-29 12:25:20
Message-ID: 20180629122520.GR4080 () redhat ! com
On Fri, Jun 29, 2018 at 12:55:16AM +0300, Nir Soffer wrote:
> I don't think we should make it easy to have a static file with
> many keys and user names. A shared key should be used exactly once,
> for a single operation. This means that you cannot lose the key and
> you don't need to manage it.
>
> It would be best if we could pass the key without writing it to
> an actual file so we don't have to clean it up later.

This is true, but it's difficult to pass the key securely to the
server except through a temporary file or a pipe.

Note that --tls-psk as proposed allows both (using a bit of bash trickery):

  nbdkit --tls-psk=/tmp/keys.psk

  nbdkit --tls-psk=<( my-secure-key-generating-program )

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
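
Added example, not part of the original message or of nbdkit: a bash sketch contrasting the two ways of handing over a key that the reply describes, a temporary file and a pipe created with `<( ... )`. Assumptions: the `user:hexkey` line layout, and the hypothetical functions `gen_psk_line`, `read_psk_source` (a stand-in for the server reading the file), `via_tempfile` and `via_pipe`.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical and read_psk_source is a
# stand-in for the server. ASSUMPTION: one "user:hexkey" line per user.

# Emit one freshly generated entry for user $1 (32 random bytes as hex).
gen_psk_line() {
    printf '%s:%s\n' "$1" \
        "$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')"
}

# Stand-in for the server side: report what kind of object the path is
# and the length of the hex key read from its first line.
read_psk_source() {
    local path=$1 kind=other line key
    if [ -p "$path" ]; then kind=pipe
    elif [ -f "$path" ]; then kind=file
    fi
    IFS= read -r line < "$path"
    key=${line#*:}
    printf '%s %d\n' "$kind" "${#key}"
}

# Temporary-file route: the key exists on disk (mktemp creates it with
# mode 0600) and has to be removed afterwards.
via_tempfile() {
    local f
    f=$(mktemp) || return 1
    gen_psk_line "$1" > "$f"
    read_psk_source "$f"
    rm -f "$f"
}

# Pipe route: bash expands <( ... ) to a /dev/fd/N path backed by a pipe,
# so nothing is written to a file and nothing needs cleaning up.
via_pipe() {
    read_psk_source <(gen_psk_line "$1")
}

echo "temp file: $(via_tempfile alice)"
echo "pipe:      $(via_pipe alice)"
```

A pipe can only be read once from start to finish, so this route suits a consumer that reads the key source a single time.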