Reviewed: https://review.openstack.org/53248
Committed: http://github.com/openstack-dev/devstack/commit/d561b70930f7184ade05953faa11a47dc250a16c
Submitter: Jenkins
Branch: master

commit d561b70930f7184ade05953faa11a47dc250a16c
Author: Dean Troyer <dtroyer at gmail.com>
Date: Tue Oct 22 17:46:00 2013 -0500

    Set keystone.conf to mode 0600

    Set keystone.conf readable only by owner

    Fixes CVE-2013-1977
    Fixed bug: 1168252

    Change-Id: Idd13b7a58e257565052c54f72c65d8dceb23f27a

--
You received this bug notification because you are a member of OpenStack Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1168252

Title:
  keystone.conf should not be world-readable (to keep LDAP password and admin_token secret)

Status in devstack - openstack dev environments:
  Confirmed
Status in OpenStack Security Notes:
  Fix Released
Status in Gentoo Linux:
  Fix Released

Bug description:
  The password configuration of LDAP and admin_token in keystone.conf should be secret to protect security information:

  [ldap]
  # url = ldap://localhost
  # user = dc=Manager,dc=example,dc=com
  # password = None <- should be secret
  # suffix = cn=example,cn=com
  # use_dumb_member = False
  # allow_subtree_delete = False
  # dumb_member = cn=dumb,dc=example,dc=com

  [DEFAULT]
  admin_token = passw0rd <- should be secret
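A defender's check for the condition this bug describes, added here as an example and not code from devstack or from the commit above: it parses a keystone.conf-style file, looks for live credential values in the two options the report names ([ldap] password and [DEFAULT] admin_token), flags the file when group or world can read it, and applies the commit's remedy (mode 0600). The sample file contents, the option list and the "None"/empty placeholder rule are constructed assumptions for this example.

```python
import configparser
import os
import stat
import tempfile

# Options whose values are credentials: the two the bug report names.
SECRET_OPTIONS = {"password", "admin_token"}

# Constructed sample modelled on the keystone.conf excerpt in the bug report.
SAMPLE_KEYSTONE_CONF = """[DEFAULT]
admin_token = passw0rd
[ldap]
user = dc=Manager,dc=example,dc=com
password = None
"""

def find_secret_options(path):
    """Return (section, option) pairs whose value is a live credential."""
    # Renaming the default section keeps [DEFAULT] as an ordinary section, so
    # admin_token is not merged into [ldap] and reported twice.
    cp = configparser.ConfigParser(default_section="__none__", interpolation=None)
    cp.read(path)
    return [(sec, opt) for sec in cp.sections() for opt, val in cp.items(sec)
            if opt in SECRET_OPTIONS and val.strip().lower() not in ("", "none")]

def readable_by_others(path):
    """True if the group or world read bit is set on the file."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

def audit(path):
    """Findings list: a file holding live credentials must not be 0644-style."""
    secrets = find_secret_options(path)
    if secrets and readable_by_others(path):
        mode = oct(stat.S_IMODE(os.stat(path).st_mode))
        return [f"{path}: mode {mode} exposes " + ", ".join(f"[{s}] {o}" for s, o in secrets)]
    return []

def harden(path):
    """The fix the commit applies: readable and writable by the owner only."""
    os.chmod(path, 0o600)

def demo():
    """Write the sample world-readable, audit, harden, audit again."""
    path = os.path.join(tempfile.mkdtemp(), "keystone.conf")
    with open(path, "w") as f:
        f.write(SAMPLE_KEYSTONE_CONF)
    os.chmod(path, 0o644)  # the pre-fix state the bug describes
    before = audit(path)
    harden(path)
    return before, audit(path), find_secret_options(path)
```

The commented-out `password = None` in the report is treated as unset, so only `admin_token` is reported; a file with no live credentials passes whatever its mode.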