Can we get rid of the hash(password) dance?
John Meinel
john at arbash-meinel.com
Thu Jul 17 04:49:20 UTC 2014
Michael is working on changing how we handle sessions with Mongo, and
noticed that his first attempt started running into Auth failures.
It turned out that this was because of the hash(password) dance. (For those
who don't know, in certain circumstances we used to seed the password for
the database with the hash(password) and then once we had a secure channel
we would replace it with the real password.)
I believe all of our production bootstrap code has gotten rid of the
password dance, because we now just use cloud-init to bring up a machine
and then SSH into that machine to finish provisioning. Thus all the
information is already over the secure SSH channel, instead of the insecure
cloud-init user data.
>From what I can tell poking around the code base, the only place that still
uses the hash(password) is actually in the Dummy provider.
I feel like we're at a point where we can safely remove that from the Dummy
provider, and also remove the fallback code in our 'connect to the
database' code. (If we leave it in, then I think after changing the
password just reconnecting to the database is fine, because it should
happen infrequently.
Thoughts?
John
=:->
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju-dev/attachments/20140717/2e1f332e/attachment-0001.html>
More information about the Juju-dev
mailing list