[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Ovirt-devel] Ovirt Host Tasks



Hugh O. Brock wrote:
Good question. Seems to me that ideally you want your keytab stored on
read-only storage (i.e. a cdrom or a usb key with a read-only
switch or TPM)... which isn't really possible for local HDD storage. Maybe
this is stupidly paranoid or just doesn't make any sense though.

Hmm.  That is a good point but...

Not all USB thumbdrives have read/write toggles. We can of course mandate that only this type of thumbdrive should be used. (But that's just a suggestion, I don't think we should enforce it with code)

And onboard flash... The platforms would need to have a way of toggling write access to platform flash. This is something that would have to be worked out with hardware vendors.

But in general I agree with your thoughts on this.

Perry


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]