[Openstack] Plaintext password in getCredential token
Rob Crittenden
rcritten at redhat.com
Wed Feb 5 08:18:30 UTC 2014
Emanuel Marzini wrote:
> Hi,
> I have a software that uses Openstack. When it do an action for the
> first time, it need to get a token from Openstack. How it's possible
> make a POST request like:
>
> '{"auth":{"passwordCredentials":{"username": "joeuser", "password":
> "secrete"}}}' -H "Content-type: application/json"
> http://localhost:35357/v2.0/tokens
>
> without pass the password in plaintext???
>
> It's possible use PKI, ssl and so on?
The documentation on this is scant but you can start with something like
http://docs.openstack.org/developer/keystone/configuration.html
You'll need to create new endpoints for the SSL provider and set
OS_SERVICE_ENDPOINT to the secure version.
If you want to disable/remove the unsecure ports things get rather
interesting as you'll need to configure all the other services to use
this as well. I don't know how well or if that actually works everywhere.
rob
More information about the Openstack
mailing list