[openstack-dev] [Keystone] Multi-factor Auth with Keystone and TOTP

Adrian Turjak adriant at catalyst.net.nz
Mon Jul 18 21:59:56 UTC 2016



On 19/07/16 01:49, David Stanek wrote:
> On Mon, Jul 18, 2016 at 9:13 AM, Adrian Turjak <adriant at catalyst.net.nz> wrote:
>> We need an MFA solution, and this doesn't seem like too terrible an option.
> 
> 
> One thing to note here is that the credentials for TOTP stored in the
> keystone credentials backend are not encrypted. So a breach of your
> database could expose those to an attacker. This is a review[1] to fix
> this issue that is close to merging.
> 
> 1. https://review.openstack.org/#/c/317169/
> 

Have noticed this, and we are looking at a few options to do something
about this by protecting our Keystone database. This review is ideal and
something I will keep an eye on!


