You can create a new ocata directory if one is not present
On Jul 18, 2016 7:24 PM, "Adrian Turjak" wrote:
>
>
> On 19/07/16 03:31, Steve Martinelli wrote:
> > I think the change you posted could very much just
> > replace the existing password plugin in keystone (
> > https://review.openstack.o
On 19/07/16 03:31, Steve Martinelli wrote:
> I think the change you posted could very much just
> replace the existing password plugin in keystone (
> https://review.openstack.org/#/c/343422/) and not be it's own plugin.
>
> How about a specification instead?
> https://github.com/openstack/keyst
On 19/07/16 01:49, David Stanek wrote:
> On Mon, Jul 18, 2016 at 9:13 AM, Adrian Turjak
> wrote:
>> We need an MFA solution, and this doesn't seem like too terrible an option.
>
>
> One thing to note here is that the credentials for TOTP stored in the
> keystone credentials backend are not en
More comments inline.
On Mon, Jul 18, 2016 at 9:13 AM, Adrian Turjak
wrote:
> Ok. So it sounds like I'm not entirely off track and this will probably be
> the road we go down for our deployment until we have a better option. We
> need an MFA solution, and this doesn't seem like too terrible an o
On Mon, Jul 18, 2016 at 9:13 AM, Adrian Turjak wrote:
> We need an MFA solution, and this doesn't seem like too terrible an option.
One thing to note here is that the credentials for TOTP stored in the
keystone credentials backend are not encrypted. So a breach of your
database could expose thos
Ok. So it sounds like I'm not entirely off track and this will probably be the road we go down for our deployment until we have a better option. We need an MFA solution, and this doesn't seem like too terrible an option.
Basically after a bunch of digging this was the only solution I found that wo
On Sun, Jul 17, 2016 at 10:37 PM, Steve Martinelli
wrote:
> Several comments inline
>
> On Mon, Jul 18, 2016 at 12:20 AM, Adrian Turjak
> wrote:
>
>> Hello,
>>
>> I've been looking at options for doing multi-factor auth (MFA) on our
>> infrastructure and I'm just wanting to know if the option I'
Several comments inline
On Mon, Jul 18, 2016 at 12:20 AM, Adrian Turjak
wrote:
> Hello,
>
> I've been looking at options for doing multi-factor auth (MFA) on our
> infrastructure and I'm just wanting to know if the option I've decided
> to go with seems sensible.
>
> As context, we are running s
Hello,
I've been looking at options for doing multi-factor auth (MFA) on our
infrastructure and I'm just wanting to know if the option I've decided
to go with seems sensible.
As context, we are running stock Keystone (to be backed by LDAP), we
wanted to be able to enable MFA on a per user basis,