<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p><br>
    </p>
    <br>
    <div class="moz-cite-prefix">On Tuesday 15 November 2016 09:52 PM,
      Archana Singh wrote:<br>
    </div>
    <blockquote
      cite="mid:d4a00541-0ab1-beb5-e19b-f95e97307c35@linux.vnet.ibm.com"
      type="cite">
      <p>I will send the patch as per the understanding below:</p>
      <p>Provide an option in the API to specify whether the password-less
        setup done by Kimchi has to be removed or not.</p>
      <p>By default, if it is not specified, the password-less setup done
        by Kimchi will be removed.</p>
      <p>However, if the password-less setup was not done by Kimchi, it
        cannot be removed.</p>
      <p>Thanks,<br>
        Archana Singh<br>
      </p>
    </blockquote>
    +1<br>
    <blockquote
      cite="mid:d4a00541-0ab1-beb5-e19b-f95e97307c35@linux.vnet.ibm.com"
      type="cite">
      <p> </p>
      <div class="moz-cite-prefix">On 11/08/2016 09:25 PM, Daniel
        Henrique Barboza wrote:<br>
      </div>
      <blockquote
        cite="mid:0ff6cd06-d519-9bdf-335a-18afef7fee8c@gmail.com"
        type="cite">
        <br>
        <br>
        <div class="moz-cite-prefix">On 11/08/2016 11:46 AM, Archana
          Singh wrote:<br>
        </div>
        <blockquote
          cite="mid:fbfb9c7b-ad09-6b12-2940-2335dc9729bf@linux.vnet.ibm.com"
          type="cite">
          <p><b>Currently</b>:</p>
          <div class="edit-comment-hide">
            <div class="comment-body markdown-body markdown-format
              js-comment-body">
              <p>Upon migrating a guest to a remote server, password-less
                SSH is permanent.<br>
                Because of that, one is able to log on to the remote
                server from a terminal without being prompted for a
                password.</p>
              <p><b>Proposal</b>:</p>
              <p>Upon completion of migration, password-less SSH has to
                be revoked.</p>
              <p>Option 1: As migration needs password-less SSH, without
                which migration cannot be done, it should be deleted
                once migration is completed.</p>
            </div>
          </div>
        </blockquote>
        I can live with option (1) as long as:<br>
        <br>
        - we clearly warn the user that the password-less setup made by
        Kimchi will be undone after the migration;<br>
        <br>
        - if there is an existing password-less setup environment we do
        not undo it.<br>
        <br>
        <blockquote
          cite="mid:fbfb9c7b-ad09-6b12-2940-2335dc9729bf@linux.vnet.ibm.com"
          type="cite">
          <div class="edit-comment-hide">
            <div class="comment-body markdown-body markdown-format
              js-comment-body">
              <p>Option 2: Let's inform the user that during migration
                password-less SSH will be established until migration is
                completed (maybe in the documentation or in the UI), and
                ask the user in the migration UI panel whether he wants
                to delete the password-less SSH login or not.<br>
              </p>
            </div>
          </div>
        </blockquote>
        <br>
        I think you mean that we can provide the user the option to
        either retain the password-less setup or not. I think this is
        the best option.<br>
        <br>
        <br>
        <blockquote
          cite="mid:fbfb9c7b-ad09-6b12-2940-2335dc9729bf@linux.vnet.ibm.com"
          type="cite">
          <div class="edit-comment-hide">
            <div class="comment-body markdown-body markdown-format
              js-comment-body">
              <p> </p>
              Option 3: Using libvirt.openauth. However I was not able
              to figure out any proper documentation on how to use
              openauth.<br>
            </div>
          </div>
        </blockquote>
        <br>
        Same here.<br>
        <br>
        <blockquote
          cite="mid:fbfb9c7b-ad09-6b12-2940-2335dc9729bf@linux.vnet.ibm.com"
          type="cite">
          <div class="edit-comment-hide">
            <div class="comment-body markdown-body markdown-format
              js-comment-body"> <br>
              As this is a kind of security issue, we can go with
              Option 1 to fix the issue for now; enhancement is always
              possible. :)<br>
            </div>
          </div>
        </blockquote>
        <br>
        <br>
        In my opinion, if you implement (1) there's not much extra code
        to go for (2). It would be basically an extra parameter in the
        'migrate' API to indicate whether the password-less setup
        should be undone and, if the parameter is 'true', undo it. I
        believe the solution should aim for (2).<br>
        <br>
        <br>
        Daniel<br>
        <blockquote
          cite="mid:fbfb9c7b-ad09-6b12-2940-2335dc9729bf@linux.vnet.ibm.com"
          type="cite">
          <div class="edit-comment-hide">
            <div class="comment-body markdown-body markdown-format
              js-comment-body"> <br>
              Thanks,<br>
              Archana Singh<br>
            </div>
          </div>
          <br>
          <fieldset class="mimeAttachmentHeader"></fieldset>
          <br>
          <pre wrap="">_______________________________________________
Kimchi-devel mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Kimchi-devel@ovirt.org">Kimchi-devel@ovirt.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/kimchi-devel">http://lists.ovirt.org/mailman/listinfo/kimchi-devel</a>
</pre>
        </blockquote>
      </blockquote>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Regards,
Suresh Babu Angadi</pre>
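    <p>The behaviour agreed in this thread (undo the password-less setup by
      default, let the caller keep it, and never remove a setup that
      already existed) as an added example that is not part of the original
      messages and is not Kimchi's code. It works on the text of an
      authorized_keys file; the function names, the sample file and the
      sample key are constructed for illustration.</p>

```python
# Added illustration; function names are hypothetical, not Kimchi's API.
KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}

# Constructed sample data (not real keys).
EXISTING = "# constructed sample file\nssh-ed25519 AAAAC3ExistingKey admin@laptop\n"
MIGRATION_KEY = "ssh-rsa AAAAB3MigrationKey root@source-host"


def key_id(line):
    """Return (key type, base64 blob) of an authorized_keys line, else None.

    Leading options and the trailing comment are ignored, so the same key
    matches however the entry is decorated.
    """
    parts = line.split()
    for i, token in enumerate(parts[:-1]):
        if token in KEY_TYPES:
            return token, parts[i + 1]
    return None


def setup_passwordless(authorized_keys, pubkey):
    """Append pubkey unless it is already authorized.

    Returns (new file text, added_by_us); teardown needs that flag.
    """
    target = key_id(pubkey)
    if target is None:
        raise ValueError("not a public key line")
    if any(key_id(l) == target for l in authorized_keys.splitlines()):
        return authorized_keys, False  # pre-existing setup: not ours to undo
    sep = "\n" if authorized_keys and not authorized_keys.endswith("\n") else ""
    return authorized_keys + sep + pubkey.strip() + "\n", True


def teardown_passwordless(authorized_keys, pubkey, added_by_us, remove=True):
    """Undo the setup only if this run created it and removal is wanted."""
    target = key_id(pubkey)
    if target is None:
        raise ValueError("not a public key line")  # never match comment lines
    if not (added_by_us and remove):
        return authorized_keys
    kept = [l for l in authorized_keys.splitlines() if key_id(l) != target]
    return "".join(l + "\n" for l in kept)
```

    <p>The added_by_us flag has to be recorded at setup time and carried to
      the end of the migration; it cannot be reconstructed afterwards from
      the file alone.</p>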
  </body>
</html>