0 Replies Latest reply on Apr 23, 2013 12:19 PM by KrisK201110141

    Password in-the-clear in vami ovf properties and in vCenter 4.0

    KrisK201110141 Novice

      We have been working on ways to keep the root password from being in-the-clear both within vCenter Edit Settings and via VAMI

      We have the user set a root password at deployment-time using the vami.password property via its edit boxes.  There are two scenarios where we are having issues.

       

      (1)  For vCenter 5.1 deployments:  We strip the root password out of the ovfEnv.xml file in /opt/vmware/etc/vami in first and subsequent boots after using it by running the script snippet:

       

      # remove password from xml file now that we have used it
      cat /opt/vmware/etc/vami/ovfEnv.xml | grep -v vami.password > temp.txt
      mv temp.txt /opt/vmware/etc/vami/ovfEnv.xml
      This password is not visible in vCenter 5.1 when you look at the appliance ovfEnv.xml file after boot and also it is hidden in:
      Edit Settings ->Options->OVF Settings
      That's great but when you look at ovf properties of the same appliance in the VAMI interface:
      System->Information-> click the OVF Envirnment "View" button the root password is still visible in the clear
      While you have to be root to get to that point, it would still be nice to blank out the root password.
      (2) When deploying to vCenter 4.x the password is in-the-clear both in the vCenter properties, even when stripping it out of ovfEnv.xml, AND via vami.
        It seems 4.x does not treat the vami.password field as a secure field but just shows the value in the vCenter properties.
      Is there some way to hide the password when viewed via vami for 5.x and 4.x?
      Is there some way to hide the password when deploying to vCenter 4.x within the settings view for 4.x?
      Unfortunately we have to support users under both 4.x and 5.x
      I have serached with find and grep for the password in *.xml, *.html, *.sh, and *.txt files under /opt/vmware to no avail (after stripping it out of ovfEnv.xml)