WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] special passwords for xenserver direct console, could it

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] special passwords for xenserver direct console, could it be?
From: "stabeek" <stabeek@xxxxxxxxx>
Date: Wed, 13 Oct 2010 16:13:37 +0200
Delivery-date: Wed, 13 Oct 2010 07:48:45 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4CB4B914.6050603@xxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <20101012103953.31652.qmail@xxxxxxxxxxxxxxxx> <4CB4B914.6050603@xxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Many thanks Craig for your answer. I got enlightened to a fact from the reply: that though XenServer Mgmt Console might seem to ask for the root password of a VM, by virtue of being in the List VirtualMachines part of the menu-tree, it in fact wants the same XenServer Mgmt root password, not the VM root PWD. The upshot being that having the root passwords of the individual VMs is only part of the admin access, and that the Xenserver root password is just as, maybe even more, important. Well, I am not in that position, so I must consider restting the password as per this link. http://xtravirt.com/how-reset-root-password-citrix-xenserver-5 By way of conclusion (unless anybody corrects/contradicts), that would appear to be the best course of action. Cheers!

Craig Miskell writes:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
stabeek wrote:
Hi,
Would appreciate any comments on the following scenario. Thanks in advance.
I'm a newcomer to xen and have received a machine with several VMs
running on it. I also have the root passwords to the VMs at keast one of
which I can log into as root via ssh.
I can also connect a keyboard and screen directly to the machine and I
get a XenServer Management console coming up in ncurses style.
However the root password I use for ssh is rejected by this Mgmt console
when I select and request login into the machine I just ssh'd into.
The possibility of the Xenserver Mgmt console needing a different typoe
of root password is not impossible (i'm new to xen, so I tend to expect
and believe anything), but at the same time it not hugely conventional.
Having two types of "root passwords" ... well ... I suppose one could
get used to it, but it will cause not a little confusion.
I decided that it can't be, so I checked and re-checked my typing and
the keyboard to make sure it enters what I typed.
One thing this Mgmt console can't do is allow non-root access. You
overwrite the UID part (it allows you to overwrite "root") and you ente
a valid username for the VM in question, and it says "only root can log
in here" or something to that effect.
Grateful for any comments. Many thanks.
Hi,
        This is quite normal.  The host running the XenServer Mgmt console is a 
much
more trusted server than the guests; in essence, connecting through the host
gives you full access to the guests.  The reverse is not true.  So, in some
scenarios that may be a large part of the design (untrusted guests under the
control of non-local people), where having the same root password would be
inadvisable.
You are quite entitled to set the root password on the management console to be
the same as the guests, but there's no connection between them, by design.
- --
Craig Miskell
Senior Systems Administrator
Opus International Consultants
Phone: +64 4 471 7209
Real programmers program by whistling down the MIC IN port of a ZX80.
        - Adrian Millett
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAky0uRQACgkQmDveRtxWqnY6MACgoKqXXNSXmBDzn9bIibeSqN79
x0oAoLLX/+CCwBN1F2BTg5bnqx2h6fq7
=H20z
-----END PGP SIGNATURE-----

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>