[Openstack-security] [Bug 1168252] Re: keystone.conf should not be world-readable (to keep LDAP password and admin_token secret)
Dean Troyer
1168252 at bugs.launchpad.net
Mon Dec 9 20:52:58 UTC 2013
** Changed in: devstack
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1168252
Title:
keystone.conf should not be world-readable (to keep LDAP password and
admin_token secret)
Status in devstack - openstack dev environments:
Fix Released
Status in OpenStack Security Notes:
Fix Released
Status in Gentoo Linux:
Fix Released
Bug description:
The password configuration of LDAP and admin_token in keystone.conf
should be secret to protect security information:
[ldap]
# url = ldap://localhost
# user = dc=Manager,dc=example,dc=com
# password = None <- should be secrect
# suffix = cn=example,cn=com
# use_dumb_member = False
# allow_subtree_delete = False
# dumb_member = cn=dumb,dc=example,dc=com
[DEFAULT]
admin_token = passw0rd <- should be secrect
To manage notifications about this bug go to:
https://bugs.launchpad.net/devstack/+bug/1168252/+subscriptions
More information about the Openstack-security
mailing list