[one-users] user management

[Shi Jin]

Hi there,

I have a couple of questions regarding user management in OpenNebula.
1. I just updated the subversion code and found out the ONE_AUTH has
already been used to point to a file to maintain the
<username>:<password> combo, which I think is better than an
environment variable. However, the plain text password is still
stored. I am wondering whether it is better to actually store the
hashed password instead, just like  what's stored in the database and
what "oneuser list" gives. Also, if we only want to start the
OpenNebula service on a machine, not to run any command, do we really
need to setup this environment variable? I tried without in "one
start". I got an error message about it but the service seems to be
running already.

2. In AWS EC2, both the access key and the secret key  are hashed. I
tried to use the econe API and found out only the secret key is hashed
while the access key is still the plain text username. For security
considerations, I think hashing both keys like EC2 is a better
solution and I don't think it is that technically more challenge. Am I
right about this?

I would love to learn whether the above issues are within OpenNebula
roadmap. Thank you very much.


-- 
Shi Jin, Ph.D.