Ubuntu
eucalyptus package

Add cert/Key revocation features

Bug #457915 reported by Nick Barcet
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Eucalyptus
New
Wishlist
chris grzegorczyk
eucalyptus (Ubuntu)
Triaged
Wishlist
Unassigned

Bug Description

Can't find a way (at least on the web ui) to:
 * revoke my cert and generate a new one
 * revoke my access and secret keys and generate a new one
What is the recommended procedure if those are compromised?

Revision history for this message
Thierry Carrez (ttx) wrote :

Is it something that EC2 supports ?

Changed in eucalyptus (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
summary: - Revoke cert/Key is not available?
+ Add cert/Key revocation features
chris grzegorczyk (chris-grze)
Changed in eucalyptus:
assignee: nobody → chris grzegorczyk (chris-grze)
chris grzegorczyk (chris-grze)
Changed in eucalyptus:
importance: Undecided → Wishlist
Revision history for this message
Dustin Kirkland  (kirkland) wrote :

Thierry asked a question, about EC2 and compatibility with them. Marking incomplete...

Changed in eucalyptus (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Dustin Kirkland  (kirkland) wrote :

Not exactly the same thing, Nick, but the Admin can disable a user in the Web UI.

Click on Users -> Actions -> Disable

Does that suffice?

Revision history for this message
Nick Barcet (nijaba) wrote : Re: [Bug 457915] Re: Add cert/Key revocation features

It does not solve the stated use case -> compromission of account keys.

I understand the work around that would be to disable/destroy the
current account and create a new one, but that would also mean loosing
access to all of the user's stored data and that would not be acceptable.

Revision history for this message
Scott Moser (smoser) wrote :

Marking this triaged and wishlist.
As far as I'm aware there is no way to revoke credentials in Eucalyptus.

In EC2, this can be done through their web UI, and also with IAM credentials done programmatically.

I believe eucalyptus is intending to support IAM, so that would likely be a solution at some point.

Changed in eucalyptus (Ubuntu):
status: Incomplete → Triaged
Revision history for this message
Andy Grimm (agrimm) wrote :

This issue is now being tracked upstream at http://eucalyptus.atlassian.net/browse/EUCA-2668

Please watch that issue for further updates.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.