[Libguestfs] [PATCH nbdkit] tls: Implement Pre-Shared Keys (PSK) authentication.

Richard W.M. Jones rjones at redhat.com
Fri Jun 29 12:25:20 UTC 2018


On Fri, Jun 29, 2018 at 12:55:16AM +0300, Nir Soffer wrote:
> I don't think we should make it easy to have static files with
> many keys and user names. Shared key should be used exactly once,
> for single operation.  This means that you cannot lose the key and
> you don't need to manage it.
>
> It would be best if we could pass the key without writing it to
> an actual file so we don't have to clean it up later.

This is true, but it's difficult to pass the key securely to the
server except through a temporary file or a pipe.

Note that --tls-psk as proposed allows both (using a bit of bash trickery):

  nbdkit --tls-psk=/tmp/keys.psk
  nbdkit --tls-psk=<( my-secure-key-generating-program )

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
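
The two delivery paths discussed above (temporary file or pipe), as an added example that is not part of the original message or of nbdkit. It assumes the PSK file holds one `username:hexkey` line in the GnuTLS psktool layout; the username `nbd-once` and both function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumption: --tls-psk reads a
# file of "username:hexkey" lines (GnuTLS psktool layout).

# Print one PSK entry holding a fresh 256-bit key from /dev/urandom.
make_psk_line() {
    user=$1
    key=$(od -An -tx1 -N32 /dev/urandom | tr -d ' \n')
    # Refuse to emit a short key if the random read was truncated.
    [ "${#key}" -eq 64 ] || return 1
    printf '%s:%s\n' "$user" "$key"
}

# Temporary-file variant: write a single-use entry to a private file and
# print its path. mktemp creates the file with mode 0600; umask 077 is
# kept as a second guard. The caller deletes the file afterwards.
write_psk_tempfile() {
    user=$1
    old_umask=$(umask)
    umask 077
    path=$(mktemp "${TMPDIR:-/tmp}/nbdkit-psk.XXXXXX") || {
        umask "$old_umask"
        return 1
    }
    umask "$old_umask"
    if ! make_psk_line "$user" > "$path"; then
        rm -f "$path"
        return 1
    fi
    printf '%s\n' "$path"
}

# Usage sketch, commented out so the block runs without nbdkit installed:
#   psk=$(write_psk_tempfile nbd-once) && trap 'rm -f "$psk"' EXIT
#   nbdkit --tls-psk="$psk" ...
# Pipe variant from the message (bash only); the key never reaches a file:
#   line=$(make_psk_line nbd-once)    # the same line must reach the client
#   nbdkit --tls-psk=<( printf '%s\n' "$line" ) ...
```

In the pipe variant `printf` is a shell builtin, so the key does not appear in any process's argument list.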



