register with an Identity Provider based on one time password
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-init | Expired | Low | Adam Young | | |
Bug Description
When launching a virtual machine, the baseline access method used by most infrastructure is to copy a public key onto the vm in a known location. This has several shortcomings:
1. Keys have no expiration or revocation
2. Keys are specific to a user, providing no way to perform group operations
A preferred approach is to register the machine with a centralized authentication source, such as FreeIPA.
While it is possible to perform the registration in two steps, there is a naming issue involved that makes it difficult to perform.
Instead, we want to be able to specify a new key for a one time password, or OTP. For FreeIPA, the goal is to do something like
ipa-client-install ${otp}
during the cloud-init process, without taking over all of cloud-init.
This bug is for the feature. We will continue to drive the design in the comments.
Changed in cloud-init: assignee: nobody → Adam Young (ayoung)
I'd generally be ok with this. From my understanding it would just be a config module that needed to configure the system.