[pve-devel] [PATCH v2 access-control/cluster/manager 0/4] auth key rotation

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed Mar 6 11:30:53 CET 2019


changes since v1:
- add rotation in pvestatd
- accept tickets signed with current key if cluster is not quorate (no rotation possible)
- rotate once every 24h

pve-manager:

Fabian Grünbichler (1):
  pvestatd: rotate auth keys if necessary

 PVE/Service/pvestatd.pm | 12 ++++++++++++
 1 file changed, 12 insertions(+)

pve-access-control:

Fabian Grünbichler (1):
  fix #2079: add periodic auth key rotation

 PVE/AccessControl.pm | 215 +++++++++++++++++++++++++++++++++++++++----
 1 file changed, 195 insertions(+), 20 deletions(-)

pve-cluster:

Fabian Grünbichler (2):
  cluster: add cfs_lock_authkey
  cluster: use lock for legacy authkey generation

 data/PVE/Cluster.pm | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)



More information about the pve-devel mailing list