yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1802136] [NEW] Keystone SQL backend should support prehashed passwords

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Simon Reinkemeier <1802136@xxxxxxxxxxxxxxxxxx>
Date: Wed, 07 Nov 2018 16:16:37 -0000
Reply-to: Bug 1802136 <1802136@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Keystone should allow pre-hashed passwords at user creation. This change
would allow passwords to be stored in scripts without storing them in
plaintext. This would improve security

The same report was filed for the LDAP backend here:
https://bugs.launchpad.net/keystone/+bug/1400443

It was refused because there are various ways this can go wrong with
LDAP. Would this change get accepted if I implemented it for the SQL
backend or is there anything wrong with this suggestion?

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1802136

Title:
  Keystone SQL backend should support prehashed passwords

Status in OpenStack Identity (keystone):
  New

Bug description:
  Keystone should allow pre-hashed passwords at user creation. This
  change would allow passwords to be stored in scripts without storing
  them in plaintext. This would improve security

  The same report was filed for the LDAP backend here:
  https://bugs.launchpad.net/keystone/+bug/1400443

  It was refused because there are various ways this can go wrong with
  LDAP. Would this change get accepted if I implemented it for the SQL
  backend or is there anything wrong with this suggestion?

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1802136/+subscriptions

Follow ups

[Bug 1802136] Re: RFE: Keystone SQL backend (and `user_create` API) should support prehashed passwords
From: Morgan Fainberg, 2018-12-10