[Openstack] Keyring support in openstack

Doug Hellmann doug.hellmann at dreamhost.com
Mon Jul 30 13:31:44 UTC 2012


On Sun, Jul 29, 2012 at 1:37 AM, Bhuvaneswaran A <bhuvan at apache.org> wrote:

> Team,
>
> As per patch https://review.openstack.org/#/c/9497/ we are adding
> keyring support for the "openstack" client.  If the password is not
> specified on the command line or in an environment variable, the user is
> prompted to enter the password. At that time, the password is stored in
> the keyring. The next time, the password is read from the keyring
> instead of prompting. This holds if the password is not specified on the
> command line or in an environment variable.
>
> This behavior is documented in this wiki page:
>   http://wiki.openstack.org/KeyringSupport
>
> If you have any comments, please let us know.
>

You've already answered several of my questions on the ticket, but I still
have some "usability" concerns.

How does the keyring system support a single person logging in using
multiple user accounts? For example, if I have an admin account and a
"regular" user, how do I switch between them based on the operations I need
to perform?

Is there a way to disable the behavior of having a password saved to a
keyring for a particular user, without uninstalling the python-keyring
package (and therefore disabling keyring support for all users)?

The wiki mentions the password being saved using
keyring.backend.UncryptedFileKeyring. Does that mean the password is saved
in cleartext? Is the file protected in some way besides filesystem
permissions?

The mention of one backend implies that there are others. Should we give
users a way to choose the backend, in case they have a preference?

How does the use of the keyring affect scripting using the command line
tool? Can a script access the keyring, or does it need to use the other
options?

In one review comment you mention a few desktop apps that know how to
manipulate the keyring to manage its contents. What about remote access via
ssh, where a desktop environment is not available? Does the keyring library
include tools for manipulating the file, or do we need to build our own? If
so, what tools would be needed?

Doug
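
The lookup order described in the quoted message (command line, then environment variable, then keyring, then prompt), as an added sketch that is not part of the original post and is not code from the patch under review. The function name, the "openstack" service name, the `use_keyring` opt-out and the `MemoryStore` stand-in are assumptions; entries are keyed by username the way python-keyring's `get_password(service, username)` and `set_password(service, username, password)` calls are.

```python
import getpass
import os
import sys

SERVICE = "openstack"  # assumed keyring service name, not taken from the patch


class MemoryStore:
    """Constructed stand-in exposing the two python-keyring calls used below."""

    def __init__(self):
        self._data = {}

    def get_password(self, service, username):
        return self._data.get((service, username))

    def set_password(self, service, username, password):
        self._data[(service, username)] = password


def resolve_password(username, cli_password=None, env=None, store=None,
                     use_keyring=True, prompt=getpass.getpass, interactive=None):
    """Return (password, source) following CLI > environment > keyring > prompt."""
    env = os.environ if env is None else env
    if cli_password:
        return cli_password, "cli"
    if env.get("OS_PASSWORD"):  # environment variable read by OpenStack clients
        return env["OS_PASSWORD"], "env"
    if use_keyring and store is None:
        import keyring  # python-keyring; the module itself offers get/set_password
        store = keyring
    if use_keyring:
        # One entry per (service, username), so separate accounts do not collide.
        saved = store.get_password(SERVICE, username)
        if saved is not None:
            return saved, "keyring"
    if interactive is None:
        interactive = sys.stdin.isatty()
    if not interactive:
        # A script must not block on a prompt: fail so the caller supplies one.
        raise RuntimeError("no password for %s and no terminal to prompt on" % username)
    password = prompt("Password for %s: " % username)
    if use_keyring:
        store.set_password(SERVICE, username, password)
    return password, "prompt"
```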