[pve-devel] [PATCH v3 access-control/cluster/manager 0/5] auth key rotation

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Mar 14 11:30:46 CET 2019


On 3/13/19 3:01 PM, Fabian Gr├╝nbichler wrote:
> changes since v2:
> - clean up error handling for calls to cfs_lock_authkey
> - disable rotation until PVE 6.0
> - add posinst for smoother upgrading once rotation gets enabled
> 
> changes since v1:
> - add rotation in pvestatd
> - accept tickets signed with current key if cluster is not quorate (no rotation possible)
> - rotate once every 24h
> 

applied access-control stuff with fixups required, see patch replies for details.

delayed bumping and manager patch for now, I'd like that you re-check this also one
time to ensure it works, so that not additional work needs to be done.




More information about the pve-devel mailing list