[ovirt-devel] Allow access to Cockpit by default after adding a host? Or make it configurable in Engine?
Fabian Deutsch
fdeutsch at redhat.com
Fri Mar 4 12:02:34 UTC 2016
Btw. This question is now asked for Node, but it also affects other
hosts which are running Cockpit.
- faian
On Fri, Mar 4, 2016 at 1:01 PM, Fabian Deutsch <fdeutsch at redhat.com> wrote:
> Hey,
>
> Node Next will ship Cockpit by default.
>
> When the host is getting installed, Cockpit can be reached by default
> over it's port 9090/tcp.
>
> But after the host was added to Engine, Engine/vdsm is setting up it's
> own iptables rules which then prevent further access to Cockpit.
>
> How do we want users to control the access to Cockpit? So where shall
> users be able to open or close the Cockpit firewall port.
>
> Initially I thought that we can open up the cockpit port by default,
> but this might be a security issue.
> (Brute force attacks to crack user passwords through the web interface).
>
> - fabian
--
Fabian Deutsch <fdeutsch at redhat.com>
RHEV Hypervisor
Red Hat
More information about the Devel
mailing list