[openstack-dev] passwords in logs --security related

Matt Joyce matt.joyce at cloudscaling.com
Thu Apr 18 17:52:32 UTC 2013


there are some clients using keychains to store auth creds so that you
don't need to continually authenticate / enter password.

clarity

On Thu, Apr 18, 2013 at 8:00 AM, Dolph Mathews <dolph.mathews at gmail.com>wrote:

> 1) passwords are currently logged by keystone when you enable debug mode
> (and there's a big warning in the sample.conf about passwords in plain text)
> 2) the fix is very specific to the identity api's json presentation of
> passwords
> 3) if any other service is handling passwords, then we're doing something
> very wrong
>
> I don't see a reason for anything to go into oslo?
>
>
> -Dolph
>
>
> On Thu, Apr 18, 2013 at 1:48 AM, Bhandaru, Malini K <
> malini.k.bhandaru at intel.com> wrote:
>
>>  Hello All!****
>>
>> ** **
>>
>> David Geng is addressing a case of password logging in keystone. Do we
>> handle any passwords in other openstack****
>>
>> components and log them?  Might they benefit from David moving his fix
>> into Oslo as a log filter (a nice suggestion from Guang-yee).****
>>
>> Please weigh in. If yes, what is expected the string pattern?****
>>
>> ** **
>>
>> https://review.openstack.org/#/c/26487/****
>>
>> ** **
>>
>> ** **
>>
>> Regards****
>>
>> Malini****
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130418/53c9d546/attachment.html>


More information about the OpenStack-dev mailing list