<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On Tuesday 15 November 2016 09:52 PM,
Archana Singh wrote:<br>
</div>
<blockquote
cite="mid:d4a00541-0ab1-beb5-e19b-f95e97307c35@linux.vnet.ibm.com"
type="cite">
<p>I will send the patch as per the understanding below:</p>
<p>Provide an option in the API to specify whether the password-less
setup done by Kimchi has to be removed or not.</p>
<p>By default, if it is not specified, the password-less setup done
by Kimchi will be removed.</p>
<p>However, if the password-less setup was not done by Kimchi, it
cannot be removed.</p>
<p>Thanks,<br>
Archana Singh<br>
</p>
</blockquote>
+1<br>
<blockquote
cite="mid:d4a00541-0ab1-beb5-e19b-f95e97307c35@linux.vnet.ibm.com"
type="cite">
<p> </p>
<div class="moz-cite-prefix">On 11/08/2016 09:25 PM, Daniel
Henrique Barboza wrote:<br>
</div>
<blockquote
cite="mid:0ff6cd06-d519-9bdf-335a-18afef7fee8c@gmail.com"
type="cite">
<br>
<br>
<div class="moz-cite-prefix">On 11/08/2016 11:46 AM, Archana
Singh wrote:<br>
</div>
<blockquote
cite="mid:fbfb9c7b-ad09-6b12-2940-2335dc9729bf@linux.vnet.ibm.com"
type="cite">
<p><b>Currently</b>:</p>
<div class="edit-comment-hide">
<div class="comment-body markdown-body markdown-format
js-comment-body">
<p>Upon migrating a guest to a remote server, the password-less
ssh setup is permanent.<br>
Because of that, one is able to log on to the remote
server from a terminal without being prompted for a password.</p>
<p><b>Proposal</b>:</p>
<p>Upon completion of migration, password-less ssh has to
be revoked.</p>
<p>Option 1: As migration needs password-less ssh, without
which migration cannot be done, it should be deleted
once migration is completed.</p>
</div>
</div>
</blockquote>
I can live with option (1) as long as:<br>
<br>
- we clearly warn the user that the password-less setup made by
Kimchi will be undone<br>
after the migration;<br>
<br>
- if there is an existing password-less setup environment we do
not undo it.<br>
<br>
<blockquote
cite="mid:fbfb9c7b-ad09-6b12-2940-2335dc9729bf@linux.vnet.ibm.com"
type="cite">
<div class="edit-comment-hide">
<div class="comment-body markdown-body markdown-format
js-comment-body">
<p>Option 2: let's inform the user that on migration
password-less ssh will be established until migration is
completed (maybe in documentation or in the UI), and ask the
user in the migration UI panel whether he wants to delete the
password-less ssh login or not.<br>
</p>
</div>
</div>
</blockquote>
<br>
I think you mean that we can provide the user the option to
either retain the password-less<br>
setup or not. I think this is the best option.<br>
<br>
<br>
<blockquote
cite="mid:fbfb9c7b-ad09-6b12-2940-2335dc9729bf@linux.vnet.ibm.com"
type="cite">
<div class="edit-comment-hide">
<div class="comment-body markdown-body markdown-format
js-comment-body">
<p> </p>
Option 3: Using libvirt.openauth. However, I was not able
to find any proper documentation on how to use
openauth.<br>
</div>
</div>
</blockquote>
<br>
Same here.<br>
<br>
<blockquote
cite="mid:fbfb9c7b-ad09-6b12-2940-2335dc9729bf@linux.vnet.ibm.com"
type="cite">
<div class="edit-comment-hide">
<div class="comment-body markdown-body markdown-format
js-comment-body"> <br>
As this is a kind of security issue, we can go with Option 1
to fix the issue for now; enhancement is always
possible. :)<br>
</div>
</div>
</blockquote>
<br>
<br>
In my opinion if you implement (1) there's not much extra code
to go for (2). It would be<br>
basically an extra parameter in the 'migrate' API to indicate
whether the password-less setup<br>
should be undone and, if the parameter is 'true', undo it. I
believe the solution should<br>
aim for (2).<br>
<br>
<br>
Daniel<br>
<blockquote
cite="mid:fbfb9c7b-ad09-6b12-2940-2335dc9729bf@linux.vnet.ibm.com"
type="cite">
<div class="edit-comment-hide">
<div class="comment-body markdown-body markdown-format
js-comment-body"> <br>
Thanks,<br>
Archana Singh<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Kimchi-devel mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Kimchi-devel@ovirt.org">Kimchi-devel@ovirt.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/kimchi-devel">http://lists.ovirt.org/mailman/listinfo/kimchi-devel</a>
</pre>
</blockquote>
</blockquote>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Regards,
Suresh Babu Angadi</pre>
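<p>Added example, not part of the thread and not Kimchi's code: a sketch of the agreed behaviour, in which the key is removed after migration by default, the caller can opt out, and a password-less setup that already existed is never touched. The function names, the <code>remove_setup</code> parameter and the sample keys are assumptions made for illustration; the functions work on the text of the remote <code>authorized_keys</code> file.</p>

```python
# Added illustration; names are hypothetical and not taken from Kimchi.
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def key_id(line):
    """Return (type, base64 blob) of an authorized_keys line, else None.

    Leading options and the trailing comment are ignored, so the same key
    is recognised even if an admin installed it with different options.
    Simplification: options containing quoted spaces are not parsed.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    for i, tok in enumerate(fields[:-1]):
        if tok in KEY_TYPES:
            return (tok, fields[i + 1])
    return None


def add_key(authorized_keys, pubkey):
    """Return (new_text, added_by_us); added_by_us is False if key existed."""
    wanted = key_id(pubkey)
    if wanted is None:
        raise ValueError("not a public key line")
    if any(key_id(l) == wanted for l in authorized_keys.splitlines()):
        return authorized_keys, False      # pre-existing setup, not ours
    sep = "" if not authorized_keys or authorized_keys.endswith("\n") else "\n"
    return authorized_keys + sep + pubkey.strip() + "\n", True


def remove_key(authorized_keys, pubkey, added_by_us, remove_setup=True):
    """Undo add_key() after migration.

    Nothing changes unless this run added the key AND the caller did not
    ask to retain it (remove_setup defaults to True, as proposed above).
    """
    if not (added_by_us and remove_setup):
        return authorized_keys
    wanted = key_id(pubkey)
    kept = [l for l in authorized_keys.splitlines(keepends=True)
            if key_id(l) != wanted]
    return "".join(kept)


# Constructed sample data (not real keys).
ADMIN_KEY = "ssh-ed25519 AAAAEXAMPLEADMIN admin@laptop"
MIGRATION_KEY = "ssh-rsa AAAAEXAMPLEKIMCHI root@source-host"
```

<p>The <code>added_by_us</code> flag has to be remembered for the whole migration, including failure paths, so that cleanup also runs when the migration aborts.</p>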
</body>
</html>