[Openstack] Plaintext password in getCredential token

Clark, Robert Graham robert.clark at hp.com
Wed Feb 5 10:12:57 UTC 2014


On Wed Feb  5 08:34:34 2014, Rob Crittenden wrote:
> Emanuel Marzini wrote:
>> Hi,
>> I have software that uses OpenStack. When it does an action for the
>> first time, it needs to get a token from OpenStack. How is it possible
>> to make a POST request like:
>>
>> '{"auth":{"passwordCredentials":{"username": "joeuser", "password":
>> "secrete"}}}' -H "Content-type: application/json"
>> http://localhost:35357/v2.0/tokens
>>
>> without passing the password in plaintext?
>>
>> Is it possible to use PKI, SSL and so on?
>
> The documentation on this is scant but you can start with something like
> http://docs.openstack.org/developer/keystone/configuration.html
>
> You'll need to create new endpoints for the SSL provider and set
> OS_SERVICE_ENDPOINT to the secure version.
>
> If you want to disable/remove the unsecure ports things get rather
> interesting as you'll need to configure all the other services to use
> this as well. I don't know how well or if that actually works everywhere.
>
> rob
>

You might find some of the guidance from the OpenStack Security Guide 
useful too: 
http://docs.openstack.org/security-guide/content/ch024_authentication.html
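
Added example (not part of the original thread and not OpenStack's own code): a small Python client for the v2.0 token request quoted above that refuses plain-HTTP endpoints and verifies the server certificate, so the password only travels inside TLS. The host name shown in the comment is a placeholder, and the function names are hypothetical.

```python
# Added example: request a Keystone v2.0 token without exposing the password
# on the wire. Endpoint host and CA bundle path are placeholders (assumptions).
import json
import os
import ssl
import urllib.request
from urllib.parse import urlsplit


def build_token_request(endpoint, username, password):
    """Build the POST for <endpoint>/tokens, refusing non-TLS endpoints."""
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.hostname:
        # The password travels in the JSON body, so plain HTTP would leak it.
        raise ValueError("refusing to send credentials to non-HTTPS endpoint: %r" % endpoint)
    body = {"auth": {"passwordCredentials": {"username": username,
                                             "password": password}}}
    return urllib.request.Request(
        endpoint.rstrip("/") + "/tokens",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def tls_context(cafile=None):
    """Client context that verifies the server certificate and hostname."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def fetch_token(endpoint, username, password, cafile=None):
    """Return the token id from a Keystone v2.0 response."""
    req = build_token_request(endpoint, username, password)
    with urllib.request.urlopen(req, context=tls_context(cafile), timeout=10) as resp:
        return json.load(resp)["access"]["token"]["id"]


if __name__ == "__main__":
    # Read the secret from the environment, not argv (argv shows up in `ps`).
    print(fetch_token(
        os.environ["OS_AUTH_URL"],          # e.g. https://keystone.example.test:35357/v2.0
        os.environ["OS_USERNAME"],
        os.environ["OS_PASSWORD"],
        cafile=os.environ.get("OS_CACERT"),
    ))
```

Point OS_CACERT at the CA bundle that signed the Keystone certificate when it is not in the system trust store; leaving verification on is what keeps the TLS channel from being silently intercepted.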





