[Ovirt-devel] [PATCH node] Use --no-check-certificate with wget

Ian Main imain at redhat.com
Wed Feb 25 16:54:13 UTC 2009


On Wed, 25 Feb 2009 07:53:30 -0500
Perry Myers <pmyers at redhat.com> wrote:

> Ian Main wrote:
> > This patch adds the --no-check-certificate to wget for all wgets since
> > the server now requires ssl and doesn't have a valid cert.  I'm not
> > certain this is the best way to handle this case but I'm posting this
> > patch anyway to see if it works and if it's an acceptable solution.
> > Note that I have not yet tested this either. :)
> 
> ovirt-listen-awake is only used on the 'demo setup' (i.e. running guests 
> on the host where the ovirt-appliance is running) so no issues with that.

Ah, I was wondering if it was even used at all..
 
> The other two places are during normal oVirt Node startup.  This method of 
> retrieving keytabs from the oVirt Server was already insecure (and noted 
> as such) so this doesn't make it any worse.  However, we should make it 
> clear that just because the keytabs are retrieved over SSL there is still 
> no guarantee of security using this scheme.
> 
> The only secure method of distributing keytabs at the moment is providing 
> them via sneaker-net on a USB thumb drive.
> 
> Perry

Yes, good point.  Thanks Perry.

    Ian
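
An added example, not part of the original thread or the oVirt code: instead of `--no-check-certificate`, wget can verify the server against a CA (or the server's own self-signed certificate) placed on the node out of band, and refuse to download otherwise. The names `fetch_keytab` and `WGET` and all paths are hypothetical; this covers only server authentication of the download, not the rest of the keytab distribution scheme discussed above.

```shell
#!/bin/sh
# Added example: fetch a keytab over HTTPS with the server certificate verified
# against a CA file installed on the node out of band, rather than disabling
# verification. fetch_keytab and the WGET override are hypothetical names.

WGET="${WGET:-wget}"

fetch_keytab() {
    url=$1 ca_file=$2 dest=$3

    # Fail closed: plain HTTP gives neither confidentiality nor server identity.
    case "$url" in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $url" >&2; return 2 ;;
    esac

    # Without a trust anchor there is nothing to verify against, so stop here
    # instead of falling back to an unverified download.
    if [ ! -s "$ca_file" ]; then
        echo "missing or empty CA file: $ca_file" >&2
        return 3
    fi

    # Keytabs are long-term secrets: create the file owner-only, and download to
    # a temporary name so a failed transfer never leaves a partial keytab at $dest.
    tmp="$dest.tmp.$$"
    if ( umask 077 && "$WGET" -q --ca-certificate="$ca_file" -O "$tmp" "$url" ); then
        mv -f "$tmp" "$dest"
    else
        rc=$?   # wget reports certificate verification failure as exit status 5
        rm -f "$tmp"
        echo "download or certificate verification failed (wget exit $rc)" >&2
        return 1
    fi
}
```
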



