[openstack-dev] [Keystone] Multi-factor Auth with Keystone and TOTP

Adrian Turjak adriant at catalyst.net.nz
Mon Jul 18 23:22:31 UTC 2016



On 19/07/16 03:31, Steve Martinelli wrote:
> I think the change you posted could very much just
> replace the existing password plugin in keystone (
> https://review.openstack.org/#/c/343422/) and not be it's own plugin.
> 
> How about a specification instead?
> https://github.com/openstack/keystone-specs :)
> It's unlikely to land in Newton, but would be a candidate for O.
> 

Will do. I'll edit my patch/blueprint to be clear that this is a
replacement for password that does not affect normal username/password
functionality, just adds MFA support, and write a spec for the O release. :)

Although looking at that repo, since there isn't a folder yet for O,
should I just throw it in ongoing?

As for your gerrit comments:
> Is there a reason you created totp_password plugin and not just added
to the existing password plugin?"

Mainly I wasn't sure if this was something people wanted and I didn't
want to propose replacing the default password auth module as I thought
an optional second plugin would be easier to get people to approve.
Turns out I was wrong!








More information about the OpenStack-dev mailing list