[one-users] Privacy in Sunstone

Hector Sanjuan lists at convivencial.org
Thu Aug 15 12:41:14 PDT 2013


If you are really worried about privacy you should not let users connect  
via VNC to the machines, least of all via a web client.

VNC is handy to see why a machine doesn't boot and other specific  
administration tasks, but other than that you may want to have your users  
ssh into the machines with public-key authentication only.

Still... whatever you do...  oneadmin runs the cloud. That means the  
person behind oneadmin can connect to any hypervisor and enter any VM at  
will and see/log what he/she wants. No real need to use VNC if you are  
oneadmin and want to see what's going on somewhere.

Br, Hector

On Thu, 15 Aug 2013 16:42:18 +0200, Mohammad Fazli Ahmat Jalaluddin  
<fazli.jalaluddin at gmail.com> wrote:

> Hi,
>
> Thank you for the explanation, but password in UNIX is stored in hashes  
> while password for SPICE or VNC is stored in >plaintext.
>
> Is there any way to encrypt the password?
>
> Thank you.
>
> Regards
>
>
> On Thu, Aug 15, 2013 at 8:33 PM, Daniel Molina <dmolina at opennebula.org>  
> wrote:
>> Hi,
>>
>>
>> On 15 August 2013 06:10, Mohammad Fazli Ahmat Jalaluddin  
>> <fazli.jalaluddin at gmail.com> wrote:
>>> Hi,
>>>
>>> I just wondering, why OpenNebula admin (oneadmin) can access to all  
>>> user's VM?
>>> If the admin open user's VM VNC, they can see what the users are  
>>> doing. Is the any way to prevent this?
>>>
>>> Also, admin can see template details such as PASSWORD for SPICE or VNC  
>>> even for user's template.
>>
>> The oneadmin account it's like root in UNIX, with this account you have  
>> full access to the cloud resources. You can >>define ACLs and  
>> permissions for the rest of users, but oneadmin will ignore these rules.
>>
>> Cheers
>>
>>>
>>> Thank you.
>>>
>>> Regards
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>
>>
>>
>>>> --
>> Join us at OpenNebulaConf2013 in Berlin, 24-26 September, 2013
>> --
>> Daniel Molina
>> Project Engineer
>> OpenNebula - The Open Source Solution for Data Center Virtualization
>> www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
>



-- 
Hector Sanjuan
@hecsanjuan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130815/4acb560b/attachment-0002.htm>


More information about the Users mailing list