
<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">On 07/30/2012 06:00 PM, Doug Hellmann

      wrote:<br>

    </div>

    <blockquote

cite="mid:CADb+p3Sdx3nMtyrDB4=HMMnvmnH8tAo5f0ZAfmUajd9DdiPPsQ@mail.gmail.com"

      type="cite"><br>

      <br>

      <div class="gmail_quote">On Mon, Jul 30, 2012 at 5:30 PM, Adam

        Young <span dir="ltr"><<a moz-do-not-send="true"

            href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>></span>

        wrote:<br>

        <blockquote class="gmail_quote" style="margin:0 0 0

          .8ex;border-left:1px #ccc solid;padding-left:1ex">

          <div class="im">On 07/30/2012 05:17 PM, Kevin L. Mitchell

            wrote:<br>

            <blockquote class="gmail_quote" style="margin:0 0 0

              .8ex;border-left:1px #ccc solid;padding-left:1ex">

              On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote:<br>

              <blockquote class="gmail_quote" style="margin:0 0 0

                .8ex;border-left:1px #ccc solid;padding-left:1ex">

                <blockquote class="gmail_quote" style="margin:0 0 0

                  .8ex;border-left:1px #ccc solid;padding-left:1ex">

                  The wiki mentions the password being saved using<br>

                  keyring.backend.UncryptedFileKeyring. Does that mean

                  the password is<br>

                </blockquote>

                saved<br>

                <blockquote class="gmail_quote" style="margin:0 0 0

                  .8ex;border-left:1px #ccc solid;padding-left:1ex">

                  in cleartext? Is the file protected in some way

                  besides filesystem<br>

                  permissions?<br>

                </blockquote>

                As mentioned in wiki page, the password is stored in

                base64 format.<br>

              </blockquote>

              Which means it's stored in cleartext.  That is Not

              Good(tm) :)<br>

            </blockquote>

          </div>

          Can Keyring be used to store a token instead?  That would A)

           be better than password and B)  avoid a Keystone hit.</blockquote>

        <div><br>

        </div>

        <div>Don't tokens expire?</div>

      </div>

    </blockquote>

    <br>

    <br>

    Yes, they do, but that is no reason not to put them in the keyring,<br>

    <br>

    With the PKI tokens,  you will be able to query a token's expiry

    without going across the wire.<br>

    <br>

    <br>

    <br>

    <blockquote

cite="mid:CADb+p3Sdx3nMtyrDB4=HMMnvmnH8tAo5f0ZAfmUajd9DdiPPsQ@mail.gmail.com"

      type="cite">

      <div class="gmail_quote">

        <div><br>

        </div>

        <div>Doug</div>

        <div> </div>

      </div>

    </blockquote>

    <br>

    <br>

  </body>

</html>