openstack-manuals

Security Guide - External auth methods refactoring

Bug #1411510 reported by N Dillon
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openstack-manuals
Fix Released
Low
N Dillon

Bug Description

I think the last half of this could benefit from rewriting with more detail given on what external auth is. Additionally, it's not clear if external auth provides pw policy enforcement (which internal auth could do as well). There is finally a good explanation of MFA, but not how it relates to external auth, and then consistency is not maintained when Kerb is mentioned, but not expanded on in relation to external auth.

The section I believe can be touched up is:

"External authentication services can provide alternative forms of authentication that minimize the risk from weak passwords.

These include:

    Password policy enforcement: Requires user passwords to conform to minimum standards for length, diversity of characters, expiration, or failed login attempts.

    Multi-factor authentication: The authentication service requires the user to provide information based on something they have, such as a one-time password token or X.509 certificate, and something they know, such as a password.

    Kerberos"
-----------------------------------
Built: 2015-01-09T08:06:57 00:00
git SHA: 6adcc8b79c64aac5c365326f863368096b4677ba
URL: http://docs.openstack.org/security-guide/content/identity.html

Tags: sec-guide
Shellee Aragon (shellee-aragon)
Changed in openstack-manuals:
assignee: nobody → Shellee Arnold (shellee-arnold)
Lana (loquacity)
Changed in openstack-manuals:
status: New → Confirmed
importance: Undecided → Low
N Dillon (sicarie)
tags: added: sec-guide
Revision history for this message
Tom Fifield (fifieldt) wrote :

Hi Shellee, are you still interested in working on this one?

Bathri Ajay Raj (bathri-s)
Changed in openstack-manuals:
assignee: Shellee Aragon (shellee-aragon) → Bathri Ajay Raj (bathri-s)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to security-doc (master)

Fix proposed to branch: master
Review: https://review.openstack.org/299172

Revision history for this message
Patrick Amor (pamor) wrote :

Based on the comments in the review of the proposed change being abandoned, I can take over this bug if you want to assign it to me.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on security-doc (master)

Change abandoned by Nathaniel Dillon (<email address hidden>) on branch: master
Review: https://review.openstack.org/299172

N Dillon (sicarie)
Changed in openstack-manuals:
assignee: Bathri Ajay Raj (bathri-s) → nobody
N Dillon (sicarie)
Changed in openstack-manuals:
assignee: nobody → N Dillon (sicarie)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to security-doc (master)

Fix proposed to branch: master
Review: https://review.openstack.org/416138

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to security-doc (master)

Reviewed: https://review.openstack.org/416138
Committed: https://git.openstack.org/cgit/openstack/security-doc/commit/?id=a8df448a5ebeba6022bbf2cd08a2a931faca5bd1
Submitter: Jenkins
Branch: master

commit a8df448a5ebeba6022bbf2cd08a2a931faca5bd1
Author: sicarie <email address hidden>
Date: Mon Jan 2 22:27:20 2017 -0800

    Adding Kerb definition to External auth methods

    Added definition of kerberos to external auth methods section.
    Updated list type to better fit term and definition format.

    Change-Id: Ib655b0010ccfaa814b312d44097203f4dd06c582
    Closes-Bug: 1411510

Changed in openstack-manuals:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.