openstack team mailing list archive

Re: Keyring support in openstack

 

On 08/22/2012 07:15 PM, Bhuvaneswaran A wrote:


On Mon, Jul 30, 2012 at 5:48 PM, Adam Young <ayoung@xxxxxxxxxx> wrote:

    On 07/30/2012 06:00 PM, Doug Hellmann wrote:


    On Mon, Jul 30, 2012 at 5:30 PM, Adam Young <ayoung@xxxxxxxxxx> wrote:

        On 07/30/2012 05:17 PM, Kevin L. Mitchell wrote:

            On Mon, 2012-07-30 at 13:50 -0700, Bhuvaneswaran A wrote:

                    The wiki mentions the password being saved using
                    keyring.backend.UncryptedFileKeyring. Does that
                    mean the password is saved in cleartext? Is the
                    file protected in some way besides filesystem
                    permissions?

                As mentioned in wiki page, the password is stored in
                base64 format.

            Which means it's stored in cleartext.  That is Not
            Good(tm) :)

        Can Keyring be used to store a token instead? That would A)
        be better than a password and B) avoid a Keystone hit.


    Don't tokens expire?


    Yes, they do, but that is no reason not to put them in the keyring.
    With the PKI tokens, you will be able to query a token's expiry
    without going across the wire.


Adam, can you please file a ticket to use keyring to store tokens for keystone? I'll work on it.
https://bugs.launchpad.net/keystone/+bug/1040361


--
Regards,
Bhuvaneswaran A
www.livecipher.com
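
Added example, not part of the original thread and not Keystone or keyring project code: a sketch of the two points discussed above, namely that a base64-stored password is recoverable without any key, and that a cached token can carry its expiry so staleness is decided locally. Assumptions: MemoryKeyring is a hypothetical stand-in exposing the same set_password/get_password calls as the keyring library, the service name and sample values are constructed, and the expiry is stored next to the token rather than parsed out of a PKI token.

```python
import base64
import json
from datetime import datetime, timedelta, timezone

SERVICE = "openstack-token-cache"  # hypothetical keyring service name


class MemoryKeyring:
    """Stand-in with the set_password/get_password shape of the keyring library."""

    def __init__(self):
        self._items = {}

    def set_password(self, service, username, secret):
        self._items[(service, username)] = secret

    def get_password(self, service, username):
        return self._items.get((service, username))


def base64_recovers_secret(stored):
    """Base64 needs no key: anyone who can read the file gets the secret back."""
    return base64.b64decode(stored).decode("utf-8")


def save_token(ring, account, token, expires_at):
    """Cache the token and its expiry (timezone-aware) instead of the password."""
    expires = expires_at.astimezone(timezone.utc).isoformat()
    ring.set_password(SERVICE, account, json.dumps({"token": token, "expires": expires}))


def load_token(ring, account, now=None, skew=timedelta(seconds=60)):
    """Return the cached token, or None when absent, malformed or about to expire."""
    raw = ring.get_password(SERVICE, account)
    if raw is None:
        return None
    now = now or datetime.now(timezone.utc)
    try:
        entry = json.loads(raw)
        expires = datetime.fromisoformat(entry["expires"])
        # Expiry is decided locally; no request to the identity service is made.
        if expires - skew <= now:
            return None
        return entry["token"]
    except (ValueError, KeyError, TypeError):
        return None  # treat a corrupt entry as a cache miss and re-authenticate
```

A caller that gets None re-authenticates and calls save_token again; the password itself never has to be written to the store.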

