Makes sense. So what is the recommended upstream approach for securely storing user passwords in keystone ?
Is that what is being described here ? https://docs.openstack.org/keystone/pike/admin/identity-credential-encryption.html Greg. From: Juan Antonio Osorio Robles <[email protected]> Reply-To: "[email protected]" <[email protected]> Date: Wednesday, August 29, 2018 at 2:00 PM To: "[email protected]" <[email protected]> Subject: Re: [openstack-dev] [keystone] [barbican] Keystone's use of Barbican ? This is not the case. Barbican requires users and systems that use it to use keystone for authentication. So keystone can't use Barbican for this. Chicken and egg problem. On 08/29/2018 08:08 PM, Waines, Greg wrote: My understanding is that Keystone can be configured to use Barbican to securely store user passwords. Is this true ? If yes, is this the standard / recommended / upstream way to securely store Keystone user passwords ? If yes, I can’t find any descriptions of this is configured ? Can someone provide some pointers ? Greg. __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe<mailto:[email protected]?subject:unsubscribe> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
