[pve-devel] [PATCH v3 access-control/cluster/manager 0/5] auth key rotation

Fabian Gr├╝nbichler f.gruenbichler at proxmox.com
Fri Mar 15 12:20:49 CET 2019


On Thu, Mar 14, 2019 at 11:30:46AM +0100, Thomas Lamprecht wrote:
> On 3/13/19 3:01 PM, Fabian Gr├╝nbichler wrote:
> > changes since v2:
> > - clean up error handling for calls to cfs_lock_authkey
> > - disable rotation until PVE 6.0
> > - add posinst for smoother upgrading once rotation gets enabled
> > 
> > changes since v1:
> > - add rotation in pvestatd
> > - accept tickets signed with current key if cluster is not quorate (no rotation possible)
> > - rotate once every 24h
> > 
> 
> applied access-control stuff with fixups required, see patch replies for details.
> 
> delayed bumping and manager patch for now, I'd like that you re-check this also one
> time to ensure it works, so that not additional work needs to be done.

re-tested both pve-access-control and pve-manager, thanks for your diligence and fixups!



More information about the pve-devel mailing list