How does OpenStack secure tokens generated by Keystone?

I am a little confused about how a token generated by Keystone is secured in OpenStack. I checked many resources, but they all give only a high-level view. I want to know things like:

  • What is the length of the token?
  • How is it secured when you are requesting services?
  • What is the security of users' credentials on the database end?

Your help in this regard will be highly appreciated.

Keystone is quite a configurable auth service that supports different plug-ins, which adhere to its AuthMethodHandler.

The length of the token depends on the Keystone configuration, specifically on what is used as the "Provider" (token provider driver), which can be UUID or PKI (or any custom one, from what I understand). This determines the algorithm used to generate the token and hence its length.

Keystone can (and should) be configured to use SSL, which will protect the requests. You can even plug in LDAP. Use Keystone together with Kerberos to make it safer.

For storage of secrets in the DB, you can read the details in this blueprint: https://wiki.openstack.org/wiki/BlueprintSecureSecretStorage#Tokens
