<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 08/22/2012 07:15 PM, Bhuvaneswaran A
wrote:<br>
</div>
<blockquote
cite="mid:CAK0Yc05dB4exhmHK6ROLntHEbzuOVpSsku6xxs=F1c8pUg0a4w@mail.gmail.com"
type="cite"><br>
<br>
<div class="gmail_quote">On Mon, Jul 30, 2012 at 5:48 PM, Adam
Young <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>
<div class="h5">
<div>On 07/30/2012 06:00 PM, Doug Hellmann wrote:<br>
</div>
<blockquote type="cite"><br>
<br>
<div class="gmail_quote">On Mon, Jul 30, 2012 at 5:30
PM, Adam Young <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>On 07/30/2012 05:17 PM, Kevin L. Mitchell
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex"> On Mon, 2012-07-30 at
13:50 -0700, Bhuvaneswaran A wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex"> The wiki
mentions the password being saved using<br>
keyring.backend.UncryptedFileKeyring. Does
that mean the password is<br>
</blockquote>
saved<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex"> in
cleartext? Is the file protected in some
way besides filesystem<br>
permissions?<br>
</blockquote>
As mentioned in wiki page, the password is
stored in base64 format.<br>
</blockquote>
Which means it's stored in cleartext. That is
Not Good(tm) :)<br>
</blockquote>
</div>
Can Keyring be used to store a token instead?
That would A) be better than password and B)
avoid a Keystone hit.</blockquote>
<div><br>
</div>
<div>Don't tokens expire?</div>
</div>
</blockquote>
<br>
<br>
</div>
</div>
Yes, they do, but that is no reason not to put them in the
keyring,<br>
<br>
With the PKI tokens, you will be able to query a token's
expiry without going across the wire.<br>
</div>
</blockquote>
<div><br>
Adam, can you please file a ticket to use keyring to store
tokens for keystone? I'll work on it.<br>
</div>
</div>
</blockquote>
<a class="moz-txt-link-freetext" href="https://bugs.launchpad.net/keystone/+bug/1040361">https://bugs.launchpad.net/keystone/+bug/1040361</a><br>
<br>
<br>
<blockquote
cite="mid:CAK0Yc05dB4exhmHK6ROLntHEbzuOVpSsku6xxs=F1c8pUg0a4w@mail.gmail.com"
type="cite">-- <br>
Regards,<br>
Bhuvaneswaran A<br>
<a moz-do-not-send="true" href="http://www.livecipher.com">www.livecipher.com</a><br>
</blockquote>
<br>
</body>
</html>