[Swift-devel] auth.defaults
Mihael Hategan
hategan at mcs.anl.gov
Wed Aug 11 15:18:56 CDT 2010
On Wed, 2010-08-11 at 12:57 -0400, David Kelly wrote:
> Hello all,
>
> During today's conference call we were discussing auth.defaults in
> relation to swiftconfig, but it expanded into a more general
> discussion about how swift uses auth.defaults. I was asked to send an
> email to the list to discuss it further.
>
> One of the concerns mentioned was security. Is there a way to
> transition from having passwords stored in plaintext to another
> method, perhaps an agent-based authentication?
Right now ssh agents can't be used from java do to they way they are
implemented (unix domain sockets).
But it's also not necessary to put in the passwords. You get prompted
for one if you don't, and it is cached for as long as the JVM lasts
(which may or may not be a security concern in itself).
>
> Another thing that would be nice, for swiftconfig/swiftrun, would be
> to have a per-host auth.defaults outside of .ssh. Then you could
> specify the auth.defaults file to use, as you currently can with sites
> and tc. Currently this might not be a good idea due to security
> concerns, but if we could eliminate the passwords this might be
> possible?
I don't think I understand what you mean by "per-host auth.defaults".
More information about the Swift-devel
mailing list