[Users] changing the password of the ovirt root ca
Alon Bar-Lev
alonbl at redhat.com
Wed Mar 19 13:36:01 UTC 2014
----- Original Message -----
> From: "Sven Kieske" <S.Kieske at mittwald.de>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: "Users at ovirt.org List" <Users at ovirt.org>
> Sent: Wednesday, March 19, 2014 2:27:13 PM
> Subject: Re: [Users] changing the password of the ovirt root ca
>
> I'm sorry, but I'm not sure if I understand you correctly.
>
> What I want to do, is to change the password which protects
>
> the Certificate Authority which gets created during engine setup.
>
> I thought this root CA Key is protected by a passphrase, which was
>
> created during engine-setup.
>
> Is this not the case?
>
> As far as I understand your answer you are telling me there is
> no password protecting the private key which secures the CA
> and all programs which use it are just secured through
> file permission ACLs?
>
> Please correct me where I'm wrong.
No you are not wrong, there is a static password which equals to no password.
Key is protected by filesystem ACL.
Having a password generated each setup will require to store this password on filesystem, which result in same level of security.
>
> Thanks in advance
>
> Am 19.03.2014 11:40, schrieb Alon Bar-Lev:
> > Well... yes... it is used by all components that access the file.
> > The system ACL is what actually protects it, or we need to add a parameter
> > to all programs that use this file, and engine need this before it
> > starts... so only manual startup will be supported.
>
> --
> Mit freundlichen Grüßen / Regards
>
> Sven Kieske
>
> Systemadministrator
> Mittwald CM Service GmbH & Co. KG
> Königsberger Straße 6
> 32339 Espelkamp
> T: +49-5772-293-100
> F: +49-5772-293-333
> https://www.mittwald.de
> Geschäftsführer: Robert Meyer
> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
More information about the Users
mailing list