[Openstack] OS API server password generation

Justin Santa Barbara justin at fathomdb.com
Thu Mar 3 01:01:45 UTC 2011

I think we need the option _not_ to inject a password (e.g. if I'm on Linux
and am going to use SSH private keys, or if I have another higher-security
means of accessing my server)  Does the API support this (yet)?

Also, I know security through obscurity isn't really security, but if we're
open source, I think we must have "strong" password generation, whatever may
or may not have been the case in the past.  I suggest beefing up the
generate_password function to make use of os.urandom (which I know isn't
perfect either, but is probably secure enough for anyone willing to rely on
a password)


On Wed, Mar 2, 2011 at 4:52 PM, Ed Leafe <ed at leafe.com> wrote:

> On Mar 2, 2011, at 4:11 PM, Dan Prince wrote:
> > We created a blueprint on adding support for password generation when
> creating servers. This is needed for Openstack API/Cloud Servers API v1.0
> parity.
> >
> > We are anxious to get this work started so if you are interested please
> review the following:
> >
> >
> https://blueprints.launchpad.net/nova/+spec/openstack-api-server-passwords
> >
> > http://etherpad.openstack.org/openstack-api-server-passwords
>         There is a basic password generator in nova/utils.py. It returns a
> combination of digits and letters to whatever length you request. There is
> no pretension of being the last word in high security, but it should be
> equivalent to the current default password generation in Cloud Servers.
> -- Ed Leafe
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20110302/ff4cd6de/attachment.html>

More information about the Openstack mailing list