----- Original Message -----
From: "Sven Kieske" <S.Kieske@mittwald.de> To: "Alon Bar-Lev" <alonbl@redhat.com> Cc: "Users@ovirt.org List" <Users@ovirt.org> Sent: Wednesday, March 19, 2014 2:27:13 PM Subject: Re: [Users] changing the password of the ovirt root ca
I'm sorry, but I'm not sure if I understand you correctly.
What I want to do, is to change the password which protects
the Certificate Authority which gets created during engine setup.
I thought this root CA Key is protected by a passphrase, which was
created during engine-setup.
Is this not the case?
As far as I understand your answer you are telling me there is no password protecting the private key which secures the CA and all programs which use it are just secured through file permission ACLs?
Please correct me where I'm wrong.
No you are not wrong, there is a static password which equals to no password. Key is protected by filesystem ACL. Having a password generated each setup will require to store this password on filesystem, which result in same level of security.
Thanks in advance
Am 19.03.2014 11:40, schrieb Alon Bar-Lev:
Well... yes... it is used by all components that access the file. The system ACL is what actually protects it, or we need to add a parameter to all programs that use this file, and engine need this before it starts... so only manual startup will be supported.
-- Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen