This is pretty clearly a security hardening request and not a security
vulnerability report, so i've adjusted its classification accordingly.
** Also affects: ossa
Importance: Undecided
Status: New
** Tags added: security
** Information type changed from Public Security to Public
** Changed in: ossa
Status: New => Won't Fix
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1400443
Title:
Keystone should support pre-hashed passwords
Status in OpenStack Identity (Keystone):
Incomplete
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
Passwords should be allowed to be pre-hashed upon user creation for
better security.
A user may want to store passwords in a script file, and it is much
safer for these to be hashed beforehand so that the password is not in
plaintext.
This was implemented in keystone at one point
https://git.openstack.org/cgit/openstack/keystone/commit/?id=e492bbc68ef41b276a0a18c6dbeda242d46b66f4
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1400443/+subscriptions