register with an Identity Provider based on one time password
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| cloud-init |
Expired
|
Low
|
Adam Young | ||
Bug Description
When launching a virtual machine, the baseline access method used by most infrastructure is to copy a public key onto the vm in a known location. This has several shortcomings:
1. Keys have no expiration or revocation
2. Keys are specific to a user, providing no way top perform group operations
A preferred approach is to register the machine with a centralized authenitation source, such as FreeIPA.
While it is possible to perform the registration in two steps, therei s a naming issue involved that makes it difficult to perform.
Inseat, we want to be able to specify a new key for a one time password, or OTP. For FreeIPA, the goal is to do something like
ipa-client-install ${otp}
during the cloud-init process, without taking over all of cloud-init.
This bug is for the feature. We will continue to drive the design in the comments.
| Changed in cloud-init: | |
| assignee: | nobody → Adam Young (ayoung) |
| Scott Moser (smoser) wrote | #1 |
| Changed in cloud-init: | |
| status: | New → Triaged |
| importance: | Undecided → Low |
| James Falcon (falcojr) wrote | #2 |
| Changed in cloud-init: | |
| status: | Triaged → Expired |
I'd generally be ok with this. from my understanding it woudl just be a config module that needed to configure the system.