[pve-devel] nexenta plugin problems

Dietmar Maurer dietmar at proxmox.com
Fri Aug 24 17:27:59 CEST 2012

> I don't see any problem here. We can create a new NON UNIX User in
> Nexenta which has just the permissions you need.
> Then choose a long passwort (max. 40 characters are accepted) it's then like
> an api key. Where's the difference if we have an API Key or a password?

I will not allow to store any password inside /etc/pve/storage.cfg.

That file is readable by www-data user, so that is a major security hole.

Any other ideas?

More information about the pve-devel mailing list