[Openstack-operators] Security around enterprise credentials and OpenStack API

Mathieu Gagné mgagne at iweb.com
Wed Apr 1 00:06:03 UTC 2015


Lets say I wish to use an existing enterprise LDAP service to manage my
OpenStack users so I only have one place to manage users.

How would you manage authentication and credentials from a security
point of view? Do you tell your users to use their enterprise
credentials or do you use an other method/credentials?

The reason is that (usually) enterprise credentials also give access to
a whole lot of systems other than OpenStack itself. And it goes without
saying that I'm not fond of the idea of storing my password in plain
text to be used by some scripts I created.

What's your opinion/suggestion? Do you guys have a second credential
system solely used for OpenStack?


More information about the OpenStack-operators mailing list