On Mon, Jun 25, 2012 at 6:19 PM, Ken Thomas <k...@yahoo-inc.com> wrote:
> Greetings all, > > Our security folks have an issue with putting passwords on the command > line or in the environment. I wrote up a blueprint that gives the details > on their objections as well as a proposed short-term fix for keystone ( > https://blueprints.launchpad.**net/keystone/+spec/prompt-for-**password<https://blueprints.launchpad.net/keystone/+spec/prompt-for-password>). > We'd like to see this same change get into UnifiedCLI as a longer term fix. > > The change is minor. If no password was found on the command line or in > the env, just before the "expecting password" error is raised, we make an > attempt to prompt the user for it. If we get something, great! Our > security folks are happy and we keep processing. If we don't get the > password for any number of reasons (keystone wasn't being run from a tty, > the user hit Ctrl-C or Ctrl-D when prompted), then we raise the error just > as before. > > I've already submitted the keystone changes for review ( > https://review.openstack.org/**#/c/8958/3/keystoneclient/**shell.py<https://review.openstack.org/#/c/8958/3/keystoneclient/shell.py>) > and I'd be happy to make the same change to UnifiedCLI as well. > Thanks, Ken! That sounds like a good change to make. If you add me as a reviewer on the patch, I'll make sure to look at the changes. Doug
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
