yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #26794
[Bug 1408947] Re: Nova SHA1 password with Keystone linked to LDAP
The comment for Keystone is the same as for nova. This is a obfuscation
of the password. It is done in a way to show that it was a SHA1 hash of
the password but avoid leaking information. It does not mean we use
{SHA1}<hash> instead of {SSHA} in LDAP. We rely on the LDAP backend to
do the hashing so the backend will use {SSHA}, {MD5}, etc as
appropriate.
** Changed in: keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1408947
Title:
Nova SHA1 password with Keystone linked to LDAP
Status in OpenStack Identity (Keystone):
Invalid
Status in OpenStack Compute (Nova):
Invalid
Bug description:
Openstack Juno
Ubuntu 14.04
I configured Keystone with my LDAP, following installation guide I
have admin-openrc.sh as follow:
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=my_secret
export OS_AUTH_URL=my_address
at the end with configuration of nova:
$> nova --debug list
REQ: curl -i 'http://my_address:35357/v2.0/tokens' -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "{SHA1}735cc5cd7e1d762680bbf53a4247b3e8f36d4d67"}}}'
INFO (connectionpool:258) Starting new HTTP connection (1): master01.th.ascolotus.com
DEBUG (connectionpool:375) Setting read timeout to 600.0
DEBUG (connectionpool:415) "POST /v2.0/tokens HTTP/1.1" 401 114
RESP: [401] {'content-length': '114', 'vary': 'X-Auth-Token', 'www-authenticate': 'Keystone uri="http://my_address:35357"', 'date': 'Fri, 09 Jan 2015 09:23:09 GMT', 'content-type': 'application/json', 'x-distribution': 'Ubuntu'}
RESP BODY: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
DEBUG (shell:803) Invalid OpenStack Nova credentials.
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 800, in main
OpenStackComputeShell().main(argv)
File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 701, in main
raise exc.CommandError(_("Invalid OpenStack Nova credentials."))
CommandError: Invalid OpenStack Nova credentials.
ERROR (CommandError): Invalid OpenStack Nova credentials.
SHA1 is the hashed password, LDAP use SSHA.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1408947/+subscriptions
References