On Fri, Jun 29, 2018 at 12:55:16AM +0300, Nir Soffer wrote:
> I don't think we should make it easy to have static files with
> many keys and user names. Shared key should be used exactly once,
> for single operation. This means that you cannot lose the key and
> you don't need to manage it.
>
> It would be best if we could pass the key to without writing it to
> actual file so we don't have to clean it up later.

This is true, but it's difficult to pass the key securely to the
server except through a temporary file or a pipe.

Note that --tls-psk as proposed allows both (using a bit of bash trickery):

  nbdkit --tls-psk=/tmp/keys.psk
  nbdkit --tls-psk=<( my-secure-key-generating-program )

Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
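
The pipe route from the message above, as an added bash example that is not part of the original email or of nbdkit: it generates a single-use key and hands it to a reader through process substitution, so the path the reader opens is a pipe and not a file on disk. It assumes the GnuTLS PSK file format of one `username:hexkey` line; the function names and `demo-user` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not nbdkit code. Assumes the GnuTLS PSK file format:
# one "username:hexkey" line. Function names and demo-user are hypothetical.

# Emit one fresh PSK line: 32 random bytes rendered as 64 hex digits.
gen_psk_line() {
    local user=$1 key
    key=$(od -An -N32 -tx1 /dev/urandom | tr -d ' \n')
    printf '%s:%s\n' "$user" "$key"
}

# Classify what a --tls-psk argument points at.
psk_source_kind() {
    if [ -f "$1" ]; then echo regular-file
    elif [ -p "$1" ]; then echo pipe
    else echo other
    fi
}

# Stand-in for the server side: report the kind of path, then read it once.
read_psk_source() {
    printf '%s %s\n' "$(psk_source_kind "$1")" "$(cat "$1")"
}

# Deliver an already generated line through process substitution.
# printf is a bash builtin, so the key is not placed on any command line.
# With nbdkit this is the second form from the message:
#   nbdkit --tls-psk=<( my-secure-key-generating-program )
deliver_via_pipe() {
    local line=$1
    read_psk_source <(printf '%s\n' "$line")
}

# Stand-alone run: the caller keeps $line to give to the client side,
# the reader sees only a /dev/fd path backed by a pipe.
line=$(gen_psk_line demo-user)
deliver_via_pipe "$line" | sed 's/:.*/:<key redacted>/'
```
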