[openstack-dev] Keystone Hashing MD5 to SHA256

Adam Young ayoung at redhat.com
Mon Jan 6 15:19:39 UTC 2014


Dirk,

If it were as  easy as just replaceing hteh hash algorithm, we would 
have done it a year + ago.  I'm guessing you figured that by now.

Here is the deal:  We need to be able to make things work side by side.  
Not sure how to do that, but I think the right solution is to make 
keystone configurable first, so that you can set the hashing algorithm 
in the config file, and that python-keystoneclient should be able to 
handle both.  Since the PKC  doesn't tend to talk to multiple Keystones, 
that should probably be sufficient.

In the future, Keystones  need to be advertise, somehow, what Hashing 
algorithm it uses.  It probably can/should stick that data in the token.

Thoughts?



More information about the OpenStack-dev mailing list