[openstack-dev] Keystone Hashing MD5 to SHA256
ayoung at redhat.com
Mon Jan 6 15:19:39 UTC 2014
If it were as easy as just replaceing hteh hash algorithm, we would
have done it a year + ago. I'm guessing you figured that by now.
Here is the deal: We need to be able to make things work side by side.
Not sure how to do that, but I think the right solution is to make
keystone configurable first, so that you can set the hashing algorithm
in the config file, and that python-keystoneclient should be able to
handle both. Since the PKC doesn't tend to talk to multiple Keystones,
that should probably be sufficient.
In the future, Keystones need to be advertise, somehow, what Hashing
algorithm it uses. It probably can/should stick that data in the token.
More information about the OpenStack-dev