keystone.conf should not be world-readable (to keep LDAP password and admin_token secret)
Bug #1168252 reported by
Xu Han Peng
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Security Notes | Fix Released | High | Robert Clark |
devstack | Fix Released | High | Dean Troyer |
Gentoo Linux | Fix Released | Low | |
Bug Description
The password configuration of LDAP and admin_token in keystone.conf should be secret to protect security information:
[ldap]
# url = ldap://localhost
# user = dc=Manager,
# password = None <- should be secret
# suffix = cn=example,cn=com
# use_dumb_member = False
# allow_subtree_
# dumb_member = cn=dumb,
[DEFAULT]
admin_token = passw0rd <- should be secret
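A defender-side check for the condition this bug describes: a keystone.conf that carries the LDAP bind password or admin_token while being readable by every local user. This is an added example, not code from the bug report, Keystone or devstack; the sample config, the option list and the temp-file paths are constructed here for illustration.

```python
"""Audit a keystone.conf for secrets exposed by a world-readable file mode.

Added example (not Keystone/devstack code). SECRET_OPTIONS lists the two
credential-bearing options named in the bug report; the sample config and
file paths below are constructed for illustration.
"""
import configparser
import os
import stat
import tempfile

# (section, option) pairs that hold credentials: the LDAP bind password
# and the bootstrap admin_token. Constructed list; extend as needed.
SECRET_OPTIONS = {("ldap", "password"), ("DEFAULT", "admin_token")}

# Constructed sample modelled on the report: admin_token set in [DEFAULT],
# a bind password set in [ldap]. Values are placeholders, not real secrets.
SAMPLE_CONF = """\
[DEFAULT]
admin_token = passw0rd

[ldap]
url = ldap://localhost
password = placeholder-bind-password
"""

def find_secrets(path):
    """Return the SECRET_OPTIONS that are actually set in the config file.
    The stock default 'password = None' counts as unset."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    found = []
    for section, option in sorted(SECRET_OPTIONS):
        if parser.has_option(section, option):
            value = parser.get(section, option).strip()
            if value and value != "None":
                found.append((section, option))
    return found

def is_world_readable(path):
    """True if the 'other' read bit is set (e.g. mode 0644)."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

def audit(path):
    """A file is 'exposed' when it holds a secret AND is world-readable."""
    secrets = find_secrets(path)
    readable = is_world_readable(path)
    return {"secrets": secrets, "world_readable": readable,
            "exposed": bool(secrets) and readable}

def write_sample(mode):
    """Write SAMPLE_CONF to a temp file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix="-keystone.conf")
    with os.fdopen(fd, "w") as f:
        f.write(SAMPLE_CONF)
    os.chmod(path, mode)   # mkstemp creates 0600; widen or keep on purpose
    return path
```

Running `audit()` over a real deployment's keystone.conf flags the bug's condition; the fix is to drop the other-read bit (mode 0600 or 0640 owned by the keystone service account), which makes `exposed` false even though the secrets remain.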
information type: Private Security → Public Security
Changed in keystone: assignee: nobody → Xu Han Peng (xuhanp)
tags: added: security
information type: Public Security → Public
Changed in keystone (Gentoo Linux): importance: Unknown → Low
Changed in gentoo: status: Unknown → Fix Released
Changed in devstack: assignee: nobody → Dean Troyer (dtroyer)
Changed in devstack: status: Confirmed → Fix Released
Fix proposed to branch: master
Review: https://review.openstack.org/26826