Password should be mandatory else user can't execute any command
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
while creating new user using command keystone, password is kept as optional field. When this user try to execute any command then it prompts for password. But as user has no password so no command can be executed by that user.
so password should be kept as mandatory field, else there is no use of user which is created without password.
steps:
1) $ keystone user-create --name testing
2) create openrc file containing the credentials of newly created user ex testing-openrc.sh, and use it as
$source testing-openrc.sh
3) execute any command, and it will prompt for password which is not available, till the time you enter any password then it will report invalid credentials
$ nova image-list
OS Password:
OS Password:
OS Password:
ERROR (CommandError): Invalid OpenStack Nova credentials.
Hi Karan,
Keystone doesn't require passwords on user creation because the authentication methods used by keystone are configurable [0]. It is possible for a keystone deployment to use another authentication method in-place of traditional password authentication. Because we can't guarantee the way in which keystone is deployed, we shouldn't require passwords be supplied for deployments that don't use or need them.
Let me know if you have any additional questions, or just swing by the #openstack-keystone channel on Freenode (if you haven't already).
[0] https:/ /github. com/openstack/ keystone/ blob/8dd27d3368 ce0aa396386010f 6aec5ed6304d687 /etc/keystone. conf.sample# L333-L357