[RFE] Support Credential Encryption Configuration
Bug #1758936 reported by
Dmitrii Shcherbakov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Keystone Charm |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
https:/
A prerequisite for that would be: https:/
This is mostly relevant for non-federated scenarios where password hashes are stored in a SQL database.
With federated identity this is only needed for service accounts.
Changed in charm-keystone: | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
Changed in charm-keystone: | |
milestone: | none → 18.08 |
status: | Triaged → Fix Committed |
Changed in charm-keystone: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Initial support for this was added as a part of our implementation of support for Fernet tokens [0].
However, it is worth noting that this only affects the credentials stored in the `credential` table through the use of the Credential API [1].
The passwords for individual users in the directory is already stored using a salted one way hash in the `password` table. [2].
0: https:/ /review. openstack. org/#/q/ topic:fernet- keystone- charm+( status: open+OR+ status: merged) /developer. openstack. org/api- ref/identity/ v3/#credentials /github. com/openstack/ keystone/ blob/d80c260b38 6dbe6232b194303 7739d134855a25e /keystone/ common/ password_ hashing. py
1: https:/
2: https:/