[Openstack] Keyring support in openstack
Adam Young
ayoung at redhat.com
Thu Aug 23 01:46:14 UTC 2012
On 08/22/2012 07:15 PM, Bhuvaneswaran A wrote:
>
>
> On Mon, Jul 30, 2012 at 5:48 PM, Adam Young <ayoung at redhat.com
> <mailto:ayoung at redhat.com>> wrote:
>
> On 07/30/2012 06:00 PM, Doug Hellmann wrote:
>>
>>
>> On Mon, Jul 30, 2012 at 5:30 PM, Adam Young <ayoung at redhat.com
>> <mailto:ayoung at redhat.com>> wrote:
>>
>> On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote:
>>
>> On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote:
>>
>> The wiki mentions the password being saved using
>> keyring.backend.UncryptedFileKeyring. Does that
>> mean the password is
>>
>> saved
>>
>> in cleartext? Is the file protected in some way
>> besides filesystem
>> permissions?
>>
>> As mentioned in wiki page, the password is stored in
>> base64 format.
>>
>> Which means it's stored in cleartext. That is Not
>> Good(tm) :)
>>
>> Can Keyring be used to store a token instead? That would A)
>> be better than password and B) avoid a Keystone hit.
>>
>>
>> Don't tokens expire?
>
>
> Yes, they do, but that is no reason not to put them in the keyring,
>
> With the PKI tokens, you will be able to query a token's expiry
> without going across the wire.
>
>
> Adam, can you please file a ticket to use keyring to store tokens for
> keystone? I'll work on it.
https://bugs.launchpad.net/keystone/+bug/1040361
> --
> Regards,
> Bhuvaneswaran A
> www.livecipher.com <http://www.livecipher.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120822/67ca1994/attachment.html>
More information about the Openstack
mailing list