openstack team mailing list archive

Thread
Date

Re: Keyring support in openstack

To: Doug Hellmann <doug.hellmann@xxxxxxxxxxxxx>
From: Matt Joyce <matt.joyce@xxxxxxxxxxxxxxxx>
Date: Mon, 30 Jul 2012 15:26:49 -0700
Cc: openstack@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CADb+p3Sdx3nMtyrDB4=HMMnvmnH8tAo5f0ZAfmUajd9DdiPPsQ@mail.gmail.com>

I thought so until I read that security vulnerability report the other day
=P

On Mon, Jul 30, 2012 at 3:00 PM, Doug Hellmann
<doug.hellmann@xxxxxxxxxxxxx>wrote:

>
>
> On Mon, Jul 30, 2012 at 5:30 PM, Adam Young <ayoung@xxxxxxxxxx> wrote:
>
>> On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote:
>>
>>> On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote:
>>>
>>>> The wiki mentions the password being saved using
>>>>> keyring.backend.**UncryptedFileKeyring. Does that mean the password is
>>>>>
>>>> saved
>>>>
>>>>> in cleartext? Is the file protected in some way besides filesystem
>>>>> permissions?
>>>>>
>>>> As mentioned in wiki page, the password is stored in base64 format.
>>>>
>>> Which means it's stored in cleartext.  That is Not Good(tm) :)
>>>
>> Can Keyring be used to store a token instead?  That would A)  be better
>> than password and B)  avoid a Keystone hit.
>
>
> Don't tokens expire?
>
> Doug
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>

References

Keyring support in openstack
From: Bhuvaneswaran A, 2012-07-29
Re: Keyring support in openstack
From: Doug Hellmann, 2012-07-30
Re: Keyring support in openstack
From: Bhuvaneswaran A, 2012-07-30
Re: Keyring support in openstack
From: Kevin L. Mitchell, 2012-07-30
Re: Keyring support in openstack
From: Adam Young, 2012-07-30
Re: Keyring support in openstack
From: Doug Hellmann, 2012-07-30