[openstack-dev] Regarding Multi-Factor Authentication
lhinds at redhat.com
Fri Oct 13 08:56:56 UTC 2017
On Thu, Oct 12, 2017 at 11:49 PM, Puneet Jain <punitjain at csu.fullerton.edu>
> Hi All,
> The OpenStack login screen has just login name and password for
> validation. Now, if someone writes a script to perform DoS attacks by
> sending a lot of fake login requests, the server will easily become
If you have found an exploit please raise it in launchpad and mark as
security bug for the VMT to look at.
> I know there is a section in the security page which talks about
> multi-factor authentication. However, each organization has to implement
> this at their own (Correct me if I am wrong here).
> Is there any property based solution to provide multifactor
> authentication? Like, the multi-factor implementation would be a part of
> OpenStack installation but would be unavailable by default and if an
> organization enables that property, they will have the multifactor
> authentication enabled.
> I apologize if my question is very basic. I am quite new to OpenStack.
So keystone is an *identity service*, it's not positioned as being an
*identity provider* (although it can act as a basic provider by using an
instance of mariadb, but this is not the norm for production deployments).
Instead a typical deployment will have third party systems act as identity
provider, and this could be in any form such as LDAP, Active Directory
and SAML / OpenID via Federation. The operator would then implement MFA in
their chosen identity provider.
I recommend a read of this:
For this reason, its unlikely that Keystone will provide MFA out of the box.
> Puneet Jain
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
Luke Hinds | NFV Partner Engineering | Office of Technology | Red Hat
e: lhinds at redhat.com | irc: lhinds @freenode | m: +44 77 45 63 98 84 | t: +44
12 52 36 2483
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev