[openstack-dev] [openstack][magnum]Create trustee user for each bay
wanghua.humble at gmail.com
Thu Dec 24 08:54:13 UTC 2015
How can user know about other user's trust_id? If the user can know the
trust_id in other user's instance(maybe login to the instance), then other
secrets can be known, too.
In this case, creating a different user for each bay also has a security
risk. So I think the security is based on the security of instance.
On Thu, Dec 24, 2015 at 4:20 PM, 大塚元央 <yuanying at oeilvert.org> wrote:
> Hi, Hua.
> I agree with you if trust_id is secret.
> But I think trust_id is not a secret.
> User can know trustee_user_name and trustee_password from k8s/swarm
> If user knows about other user's trust_id, user can use a other user's
> swift resources.
> This wii be a security risk.
> 2015年12月24日(木) 16:49 王华 <wanghua.humble at gmail.com>:
>> Hi all,
>> I want to create a trustee user for each bay . The discussion for
>> trust is in .
>> Here is my solution:
>> I don't create a user for each bay. All the bays no matter who creates it
>> use the same user.
>> But we create different trust for the user for different bay. The user
>> can not access any service without the trust id. So there is no need to
>> create a user for each bay.
>> OpenStack Development Mailing List (not for usage questions)
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev