yahoo-eng-team team mailing list archive

[Bug 1408947] Re: Nova SHA1 password with Keystone linked to LDAP

 

The comment for Keystone is the same as for nova. This is an obfuscation
of the password. It is done in a way to show that it was a SHA1 hash of
the password but avoid leaking information. It does not mean we use
{SHA1}<hash> instead of {SSHA} in LDAP. We rely on the LDAP backend to
do the hashing so the backend will use {SSHA}, {MD5}, etc. as
appropriate.

** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1408947

Title:
  Nova SHA1 password with Keystone linked to LDAP

Status in OpenStack Identity (Keystone):
  Invalid
Status in OpenStack Compute (Nova):
  Invalid

Bug description:
  OpenStack Juno
  Ubuntu 14.04

  I configured Keystone with my LDAP; following the installation guide, I
  have admin-openrc.sh as follows:

  export OS_TENANT_NAME=admin
  export OS_USERNAME=admin
  export OS_PASSWORD=my_secret
  export OS_AUTH_URL=my_address

  at the end with configuration of nova:

  $> nova --debug list

  REQ: curl -i 'http://my_address:35357/v2.0/tokens' -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "{SHA1}735cc5cd7e1d762680bbf53a4247b3e8f36d4d67"}}}'
  INFO (connectionpool:258) Starting new HTTP connection (1): master01.th.ascolotus.com
  DEBUG (connectionpool:375) Setting read timeout to 600.0
  DEBUG (connectionpool:415) "POST /v2.0/tokens HTTP/1.1" 401 114
  RESP: [401] {'content-length': '114', 'vary': 'X-Auth-Token', 'www-authenticate': 'Keystone uri="http://my_address:35357";', 'date': 'Fri, 09 Jan 2015 09:23:09 GMT', 'content-type': 'application/json', 'x-distribution': 'Ubuntu'}
  RESP BODY: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

  DEBUG (shell:803) Invalid OpenStack Nova credentials.
  Traceback (most recent call last):
    File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 800, in main
      OpenStackComputeShell().main(argv)
    File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 701, in main
      raise exc.CommandError(_("Invalid OpenStack Nova credentials."))
  CommandError: Invalid OpenStack Nova credentials.
  ERROR (CommandError): Invalid OpenStack Nova credentials.

  SHA1 is the hashed password, LDAP uses SSHA.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1408947/+subscriptions
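
The obfuscation described in the comment above, as an added example (not python-novaclient's or Keystone's own code): the debug line carries a {SHA1} digest of the password while the body actually sent keeps the plaintext, and a logged digest can be compared against the password you intended to send. Function names and the sample credentials are constructed for illustration.

```python
import copy
import hashlib
import hmac
import json


def obfuscate(secret):
    """Return the '{SHA1}<hex digest>' form that appears in debug output."""
    return "{SHA1}" + hashlib.sha1(secret.encode("utf-8")).hexdigest()


def redact_for_log(body, path=("auth", "passwordCredentials", "password")):
    """Return a copy of body with the value at path obfuscated.

    The original dict is left untouched, so the request on the wire
    still contains the plaintext password the identity backend needs.
    """
    logged = copy.deepcopy(body)
    node = logged
    for key in path[:-1]:
        node = node.get(key)
        if not isinstance(node, dict):
            return logged  # path not present: nothing to redact
    if isinstance(node.get(path[-1]), str):
        node[path[-1]] = obfuscate(node[path[-1]])
    return logged


def logged_value_matches(logged_value, candidate):
    """True if a '{SHA1}...' value copied from a debug log corresponds to candidate."""
    expected = obfuscate(candidate).encode("utf-8")
    return hmac.compare_digest(logged_value.encode("utf-8"), expected)


def build_token_request(tenant, username, password):
    """Build a v2.0-style token request body (shape taken from the log above)."""
    return {"auth": {"tenantName": tenant,
                     "passwordCredentials": {"username": username,
                                             "password": password}}}


if __name__ == "__main__":
    # Constructed sample credentials, not values from the bug report.
    body = build_token_request("admin", "admin", "my_secret")
    print("REQ (logged):", json.dumps(redact_for_log(body)))
    print("REQ (sent):  ", json.dumps(body))
```

The digest is unsalted, so a debug log that contains it should still be handled as sensitive.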

