[Ovirt-devel] Ovirt Host Tasks
Perry N. Myers
pmyers at redhat.com
Mon Mar 17 19:34:21 UTC 2008
Hugh O. Brock wrote:
> Good question. Seems to me that ideally you want your keytab stored on
> read-only storage (i.e. a cdrom or a usb key with a read-only
> switch or TPM)... which isn't really possible for local HDD storage. Maybe
> this is stupidly paranoid or just doesn't make any sense though.
Hmm. That is a good point but...
Not all USB thumbdrives have read/write toggles. We can of course mandate
that only this type of thumbdrive should be used. (But that's just a
suggestion, I don't think we should enforce it with code)
And onboard flash... The platforms would need to have a way of toggling
write access to platform flash. This is something that would have to be
worked out with hardware vendors.
But in general I agree with your thoughts on this.
Perry
More information about the ovirt-devel
mailing list