On 19/07/16 01:49, David Stanek wrote:
> On Mon, Jul 18, 2016 at 9:13 AM, Adrian Turjak <adri...@catalyst.net.nz>
> wrote:
>> We need an MFA solution, and this doesn't seem like too terrible an option.
>
> One thing to note here is that the credentials for TOTP stored in the
> keystone credentials backend are not encrypted. So a breach of your
> database could expose those to an attacker. This is a review[1] to fix
> this issue that is close to merging.
>
> 1. https://review.openstack.org/#/c/317169/

Have noticed this, and we are looking at a few options to do something about this by protecting our Keystone database. This review is ideal and something I will keep an eye on!