Need to document in the release notes how passwords should be used for rhevm templates


+++ This bug was initially created as a clone of Bug #718226 +++

Description of problem:
I've just coerced a guest to build and launch on vSphere. No ssh keypair is present, and I was able to ssh in as root with the default 'ozrootpw' password. In theory the user can override this in the template, but if they don't, minting VM images with a predictable root password will be a security risk.


Version-Release number of selected component (if applicable):
imagefactory-0.2.2-1.el6.noarch

How reproducible:
100%

Expected results:
Guests are not launched with a publicly-known root password.

--- Additional comment from clalance on 2011-07-01 11:46:48 EDT ---

So the thing is that Oz already has the ability to set the root password at build time, via the <rootpw> tag (see the RelaxNG schema for the right placement).  I'm thinking that we should "enforce" this tag at the imagefactory level by not accepting builds unless they have this tag set.  That will at least make sure that builds coming from the factory aren't insecure by default.

Chris Lalancette

--- Additional comment from whayutin on 2011-07-06 12:02:46 EDT ---

sounds like a doc issue for beta release notes