Makes sense. So what is the recommended upstream approach for securely storing user passwords in keystone ?
Is that what is being described here ? https://docs.openstack.org/keystone/pike/admin/identity-credential-encryption.html Greg. From: Juan Antonio Osorio Robles <jaosor...@redhat.com> Reply-To: "openstack-dev@lists.openstack.org" <openstack-dev@lists.openstack.org> Date: Wednesday, August 29, 2018 at 2:00 PM To: "openstack-dev@lists.openstack.org" <openstack-dev@lists.openstack.org> Subject: Re: [openstack-dev] [keystone] [barbican] Keystone's use of Barbican ? This is not the case. Barbican requires users and systems that use it to use keystone for authentication. So keystone can't use Barbican for this. Chicken and egg problem. On 08/29/2018 08:08 PM, Waines, Greg wrote: My understanding is that Keystone can be configured to use Barbican to securely store user passwords. Is this true ? If yes, is this the standard / recommended / upstream way to securely store Keystone user passwords ? If yes, I can’t find any descriptions of this is configured ? Can someone provide some pointers ? Greg. __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe<mailto:openstack-dev-requ...@lists.openstack.org?subject:unsubscribe> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
