[one-users] Privacy in Sunstone
Mohammad Fazli Ahmat Jalaluddin
fazli.jalaluddin at gmail.com
Thu Aug 15 17:02:34 PDT 2013
Thank you
On Fri, Aug 16, 2013 at 3:41 AM, Hector Sanjuan <lists at convivencial.org>wrote:
> **
> If you are really worried about privacy you should not let users connect
> via VNC to the machines, least of all via a web client.
>
> VNC is handy to see why a machine doesn't boot and other specific
> administration tasks, but other than that you may want to have your users
> ssh into the machines with public-key authentication only.
>
> Still... whatever you do... oneadmin runs the cloud. That means the
> person behind oneadmin can connect to any hypervisor and enter any VM at
> will and see/log what he/she wants. No real need to use VNC if you are
> oneadmin and want to see what's going on somewhere.
>
> Br, Hector
>
> On Thu, 15 Aug 2013 16:42:18 +0200, Mohammad Fazli Ahmat Jalaluddin <
> fazli.jalaluddin at gmail.com> wrote:
>
> Hi,
>
> Thank you for the explanation, but password in UNIX is stored in hashes
> while password for SPICE or VNC is stored in plaintext.
>
> Is there any way to encrypt the password?
>
> Thank you.
>
> Regards
>
>
> On Thu, Aug 15, 2013 at 8:33 PM, Daniel Molina <dmolina at opennebula.org>wrote:
>
>> Hi,
>>
>>
>> On 15 August 2013 06:10, Mohammad Fazli Ahmat Jalaluddin <
>> fazli.jalaluddin at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I just wondering, why OpenNebula admin (oneadmin) can access to all
>>> user's VM?
>>>
>>> If the admin open user's VM VNC, they can see what the users are doing.
>>> Is the any way to prevent this?
>>>
>>> Also, admin can see template details such as PASSWORD for SPICE or VNC
>>> even for user's template.
>>>
>>
>> The oneadmin account it's like root in UNIX, with this account you have
>> full access to the cloud resources. You can define ACLs and permissions for
>> the rest of users, but oneadmin will ignore these rules.
>>
>> Cheers
>>
>>
>>>
>>> Thank you.
>>>
>>> Regards
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>>
>>
>>
>> --
>> Join us at OpenNebulaConf2013 <http://opennebulaconf.com/> in Berlin,
>> 24-26 September, 2013
>> --
>> Daniel Molina
>> Project Engineer
>> OpenNebula - The Open Source Solution for Data Center Virtualization
>> www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
>>
>
>
>
>
> --
> Hector Sanjuan
> @hecsanjuan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130816/1709d901/attachment-0002.htm>
More information about the Users
mailing list