[Openstack] Keyring support in openstack

Adam Young ayoung at redhat.com
Thu Aug 23 01:46:14 UTC 2012


On 08/22/2012 07:15 PM, Bhuvaneswaran A wrote:
>
>
> On Mon, Jul 30, 2012 at 5:48 PM, Adam Young <ayoung at redhat.com 
> <mailto:ayoung at redhat.com>> wrote:
>
>     On 07/30/2012 06:00 PM, Doug Hellmann wrote:
>>
>>
>>     On Mon, Jul 30, 2012 at 5:30 PM, Adam Young <ayoung at redhat.com
>>     <mailto:ayoung at redhat.com>> wrote:
>>
>>         On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote:
>>
>>             On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote:
>>
>>                     The wiki mentions the password being saved using
>>                     keyring.backend.UncryptedFileKeyring. Does that
>>                     mean the password is
>>
>>                 saved
>>
>>                     in cleartext? Is the file protected in some way
>>                     besides filesystem
>>                     permissions?
>>
>>                 As mentioned in wiki page, the password is stored in
>>                 base64 format.
>>
>>             Which means it's stored in cleartext.  That is Not
>>             Good(tm) :)
>>
>>         Can Keyring be used to store a token instead?  That would A)
>>          be better than password and B)  avoid a Keystone hit.
>>
>>
>>     Don't tokens expire?
>
>
>     Yes, they do, but that is no reason not to put them in the keyring,
>
>     With the PKI tokens,  you will be able to query a token's expiry
>     without going across the wire.
>
>
> Adam, can you please file a ticket to use keyring to store tokens for 
> keystone? I'll work on it.
https://bugs.launchpad.net/keystone/+bug/1040361


> -- 
> Regards,
> Bhuvaneswaran A
> www.livecipher.com <http://www.livecipher.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120822/67ca1994/attachment.html>


More information about the Openstack mailing list