[openstack-dev] [Glance][Keystone] Glance and trusts
steve.lewis at RACKSPACE.COM
Mon Jun 8 18:10:29 UTC 2015
Monday, June 8, 2015 07:10, Adam Young wrote:
> 2. Delegation are long lived affairs. If anything is going to take
> longer than the duration of the token, it should be in the context of a
> delegation, and the user should re-authenticate to prove identity.
Requiring re-authenticating to perform many tasks that involves delegation (a distinction that users don't understand, or care to) is a sure way to convince users to use short and weak passwords. Please, no.
More information about the OpenStack-dev