On Mon, 2014-01-06 at 17:00 +0100, Tristan Cacqueray wrote: > On 01/06/2014 04:19 PM, Adam Young wrote: > > Dirk, > > > > If it were as easy as just replaceing hteh hash algorithm, we would > > have done it a year + ago. I'm guessing you figured that by now. > > > > Here is the deal: We need to be able to make things work side by side. > > Not sure how to do that, but I think the right solution is to make > > keystone configurable first, so that you can set the hashing algorithm > > in the config file, and that python-keystoneclient should be able to > > handle both. Since the PKC doesn't tend to talk to multiple Keystones, > > that should probably be sufficient. > > > > In the future, Keystones need to be advertise, somehow, what Hashing > > algorithm it uses. It probably can/should stick that data in the token. > > > > Thoughts? > > > > Hello list! > > How about we prefix the hash with the chosen algorithm, like the glibc > crypt method (ie: $id$hash) ? No prefix would mean the former md5. > > This would allow a smooth migration as multiple hash algorithm could be > used simultaneously and keystone wouldn't have to announce what > algorithm it uses...
+1. Simple and effective. -jay _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
