Posted to dev@vcl.apache.org by Dmitri Chebotarov <dc...@gmu.edu> on 2012/07/03 21:15:29 UTC

Re: "Preferred Password" under User Preferences ?

Hi

Would LDAP authentication be a better choice? In this case the password policy is already enforced by the central LDAP server.
Users would log in to reservations using the same credentials as for the VCL front-end (which uses LDAP auth)

Linux already has built-in support for LDAP authentication. 

pGina works well for Windows images. I've not used pGina for an extended period of time; I've done some tests and it looks good.


Thanks.

On May 30, 2012, at 12:11 , Josh Thompson wrote:

> Dmitri,
> 
> I like this idea as well.  I think to do it right, there should be password 
> strength enforcing criteria in place to make sure users have strong passwords.  
> I also agree with others that it should be a configurable options.  Can you go 
> ahead and create a JIRA issue for this?
> 
> Thanks,
> Josh
> 
> On Friday, May 25, 2012 11:25:00 AM Dmitri Chebotarov wrote:
> > Hi
> > 
> > Would it be possible, and is it a good idea in general due to possible
> > security risks, to add a "Preferred Password" field on the User Preferences
> > page (under RDP File Preferences or Personal Information?) to allow a user
> > to provide a password for all his/her reservations?
> > 
> > Then VCL would use this password (if it's there) for reservations instead of
> > the auto-generated password.
> > 
> > This is not an auto-connect option, but at least it will make it easier to
> > use VCL. For the last couple days I've been using VCL for some testing and
> > it would be nice to have the same password for all my reservations.
> > 
> > --
> > Thank you,
> > 
> > Dmitri Chebotarov
> > Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
> > 223 Aquia Building, Ffx, MSN: 1B5
> > Phone: (703) 993-6175
> > Fax: (703) 993-3404
> -- 
> -------------------------------
> Josh Thompson
> VCL Developer
> North Carolina State University
> 
> my GPG/PGP key can be found at pgp.mit.edu
> 
> All electronic mail messages in connection with State business which
> are sent to or received by this account are subject to the NC Public
> Records Law and may be disclosed to third parties.



--
Thank you,

Dmitri Chebotarov
Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
223 Aquia Building, Ffx, MSN: 1B5
Phone: (703) 993-6175
Fax: (703) 993-3404


Re: "Preferred Password" under User Preferences ?

Posted by Dmitri Chebotarov <dc...@gmu.edu>.
Hi

There seems to be an issue with pGina and VCL.
One of the reservation steps for a Windows image is to auto-login the user 'root' on first boot to configure the SSHD service.
The current version of pGina (3.0.12.1) doesn't support auto-login, so the reservation fails.

I've contacted the pGina developers about an auto-login option - it will be added to pGina 3.1 (next release, no due date). pGina 3.1.2.0 BETA doesn't have the auto-login option yet.

Thanks.

On Jul 3, 2012, at 15:15 , Dmitri Chebotarov wrote:

> Hi
> 
> Would LDAP authentication be a better choice? In this case the password policy is already enforced by the central LDAP server.
> Users would log in to reservations using the same credentials as for the VCL front-end (which uses LDAP auth)
> 
> Linux already has built-in support for LDAP authentication. 
> 
> pGina works well for Windows images. I've not used pGina for an extended period of time; I've done some tests and it looks good.
> 
> 
> Thanks.
> 
> On May 30, 2012, at 12:11 , Josh Thompson wrote:
> 
>> Dmitri,
>> 
>> I like this idea as well.  I think to do it right, there should be password 
>> strength enforcing criteria in place to make sure users have strong passwords.  
>> I also agree with others that it should be a configurable options.  Can you go 
>> ahead and create a JIRA issue for this?
>> 
>> Thanks,
>> Josh
>> 
>> On Friday, May 25, 2012 11:25:00 AM Dmitri Chebotarov wrote:
>>> Hi
>>> 
>>> Would it be possible, and is it a good idea in general due to possible
>>> security risks, to add a "Preferred Password" field on the User Preferences
>>> page (under RDP File Preferences or Personal Information?) to allow a user
>>> to provide a password for all his/her reservations?
>>> 
>>> Then VCL would use this password (if it's there) for reservations instead of
>>> the auto-generated password.
>>> 
>>> This is not an auto-connect option, but at least it will make it easier to
>>> use VCL. For the last couple days I've been using VCL for some testing and
>>> it would be nice to have the same password for all my reservations.
>>> 
>>> --
>>> Thank you,
>>> 
>>> Dmitri Chebotarov
>>> Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
>>> 223 Aquia Building, Ffx, MSN: 1B5
>>> Phone: (703) 993-6175
>>> Fax: (703) 993-3404
>> -- 
>> -------------------------------
>> Josh Thompson
>> VCL Developer
>> North Carolina State University
>> 
>> my GPG/PGP key can be found at pgp.mit.edu
>> 
>> All electronic mail messages in connection with State business which
>> are sent to or received by this account are subject to the NC Public
>> Records Law and may be disclosed to third parties.
> 
> 
> 
> --
> Thank you,
> 
> Dmitri Chebotarov
> Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
> 223 Aquia Building, Ffx, MSN: 1B5
> Phone: (703) 993-6175
> Fax: (703) 993-3404
> 



--
Thank you,

Dmitri Chebotarov
Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
223 Aquia Building, Ffx, MSN: 1B5
Phone: (703) 993-6175
Fax: (703) 993-3404


Re: "Preferred Password" under User Preferences ?

Posted by Josh Thompson <jo...@ncsu.edu>.
I think it falls under the security vs. convenience category.  Ideally, 
everyone would use a different multi-word pass phrase for every account they 
deal with.  However, that's not very convenient.  I like having the option to 
allow sites to set up using the same password for the end nodes as for the web 
site.  What I like even better is being able to generate long random passwords 
for each reservation with a way to pass that on to the remote viewer client 
(RDP, ssh, VNC, etc), but we haven't been able to solve that one yet (some 
good ideas though).

Josh

On Thursday, July 05, 2012 2:52:57 PM Henry Schaffer wrote:
> On Tue, Jul 3, 2012 at 3:15 PM, Dmitri Chebotarov <dc...@gmu.edu> wrote:
> > Hi
> > 
> > Would LDAP authentication be a better choice? In this case the password
> > policy is already enforced by the central LDAP server. Users would log in
> > to reservations using the same credentials as for the VCL front-end (which
> > uses LDAP auth) ...
> 
>   I was under the impression that having two separate passwords - the
> user's own which is used to log in to the front end (often using
> LDAP), and then the one-time password used to log into a reservation
> enhanced security by tying together the web front-end session with the
> image reservation.
> 
>   If this is correct, then perhaps using the same LDAP credentials is
> a step backwards.
> 
> --henry schaffer
-- 
-------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.


Re: "Preferred Password" under User Preferences ?

Posted by Henry Schaffer <he...@ncsu.edu>.
On Tue, Jul 3, 2012 at 3:15 PM, Dmitri Chebotarov <dc...@gmu.edu> wrote:
> Hi
>
> Would LDAP authentication be a better choice? In this case the password policy is already enforced by the central LDAP server.
> Users would log in to reservations using the same credentials as for the VCL front-end (which uses LDAP auth)
> ...

  I was under the impression that having two separate passwords - the
user's own which is used to log in to the front end (often using
LDAP), and then the one-time password used to log into a reservation
enhanced security by tying together the web front-end session with the
image reservation.

  If this is correct, then perhaps using the same LDAP credentials is
a step backwards.

--henry schaffer