[openstack-dev] [Glance][Keystone] Glance and trusts

Steve Lewis steve.lewis at RACKSPACE.COM
Mon Jun 8 18:10:29 UTC 2015


Monday, June 8, 2015 07:10, Adam Young wrote:
> 2.  Delegation are long lived affairs.  If anything is going to take
> longer than the duration of the token, it should be in the context of a
> delegation, and the user should re-authenticate to prove identity.

Requiring re-authenticating to perform many tasks that involves delegation (a distinction that users don't understand, or care to) is a sure way to convince users to use short and weak passwords. Please, no.




More information about the OpenStack-dev mailing list