
<br><br><div class="gmail_quote">On Mon, Jul 30, 2012 at 5:48 PM, Adam Young <span dir="ltr"><<a href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


  <div bgcolor="#FFFFFF" text="#000000"><div><div class="h5">

    <div>On 07/30/2012 06:00 PM, Doug Hellmann

      wrote:<br>

    </div>

    <blockquote type="cite"><br>

      <br>

      <div class="gmail_quote">On Mon, Jul 30, 2012 at 5:30 PM, Adam

        Young <span dir="ltr"><<a href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>></span>

        wrote:<br>

        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

          <div>On 07/30/2012 05:17 PM, Kevin L. Mitchell

            wrote:<br>

            <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

              On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote:<br>

              <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

                <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

                  The wiki mentions the password being saved using<br>

                  keyring.backend.UncryptedFileKeyring. Does that mean

                  the password is<br>

                </blockquote>

                saved<br>

                <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

                  in cleartext? Is the file protected in some way

                  besides filesystem<br>

                  permissions?<br>

                </blockquote>

                As mentioned in wiki page, the password is stored in

                base64 format.<br>

              </blockquote>

              Which means it's stored in cleartext.  That is Not

              Good(tm) :)<br>

            </blockquote>

          </div>

          Can Keyring be used to store a token instead?  That would A)

           be better than password and B)  avoid a Keystone hit.</blockquote>

        <div><br>

        </div>

        <div>Don't tokens expire?</div>

      </div>

    </blockquote>

    <br>

    <br></div></div>

    Yes, they do, but that is no reason not to put them in the keyring,<br>

    <br>

    With the PKI tokens,  you will be able to query a token's expiry

    without going across the wire.<br></div></blockquote><div><br>Adam, can you please file a ticket to use keyring to store tokens for keystone? I'll work on it.<br></div></div>-- <br>Regards,<br>Bhuvaneswaran A<br>

<a href="http://www.livecipher.com">www.livecipher.com</a><br>