
openstack team mailing list archive

Re: Some of the libraries that can be reused for OpenStack Auth

 

Thanks, Rostik. Good suggestions. We have heard much demand for SAML and I am sure someone will implement it very soon.

On #1, that is a user experience question. Not every OpenStack deployment will enforce the same level of complexity. We need to make that configurable on the backend and leave it up to the dashboard designers & developers to provide feedback to users on their password quality. But no matter what, if we write a production-worthy password store we will definitely want to use recommendations like the NIST ones you suggest.

Thanks for your input,

Z



On Apr 30, 2011, at 11:51 AM, Rostyslav Slipetskyy wrote:

> There exist a couple of Python libraries that might be reused for OpenStack 
> Auth:
> 
> 1. python-crack (http://pypi.python.org/pypi/python-crack/0.5) can be used 
> for evaluating password strength before registering users
> 2. PySAML2 (https://launchpad.net/pysaml2) can be used for adding SAML 
> functionality
> 
> Also, when developing a password storage functionality, a suggestion 
> from "Electronic Authentication Guideline" by NIST might be useful:
> "store passwords concatenated to a salt and/or username and then hashed with 
> approved algorithm so that the computations used to conduct a dictionary or 
> exhaustion attack on a stolen password file are not useful to attack other 
> similar password files"
> 
> Best Regards,
> Rostik
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp


