[Openstack] Keyring support in openstack
Adam Young
ayoung at redhat.com
Tue Jul 31 00:48:08 UTC 2012
On 07/30/2012 06:00 PM, Doug Hellmann wrote:
>
>
> On Mon, Jul 30, 2012 at 5:30 PM, Adam Young <ayoung at redhat.com
> <mailto:ayoung at redhat.com>> wrote:
>
> On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote:
>
> On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote:
>
> The wiki mentions the password being saved using
> keyring.backend.UncryptedFileKeyring. Does that mean
> the password is
>
> saved
>
> in cleartext? Is the file protected in some way
> besides filesystem
> permissions?
>
> As mentioned in wiki page, the password is stored in
> base64 format.
>
> Which means it's stored in cleartext. That is Not Good(tm) :)
>
> Can Keyring be used to store a token instead? That would A) be
> better than password and B) avoid a Keystone hit.
>
>
> Don't tokens expire?
Yes, they do, but that is no reason not to put them in the keyring,
With the PKI tokens, you will be able to query a token's expiry without
going across the wire.
>
> Doug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120730/9982fe38/attachment.html>
More information about the Openstack
mailing list