Ok, thanks to all for the replies. Ok I think I will use ssl. Following this link http://docs.openstack.org/admin-guide-cloud/content//ch-identity-mgmt-config.html I understand how i prepare the environment for the authentication. So, How I can request a token using ssl??
Thak you! Emanuel 2014-02-05 Shohel Ahmed <shohel_c...@yahoo.com>: > The current username/password authentication mechanism is not the best > security practice. However, assuming there is a point to point secure > channel, the risk of password exposure can be contained. In addition to > that, one can always choose external authentication plugged with Keystone > e.g., your own middleware in the pipeline or Kerberos ( not fully functional > yet). Some hints are provided in keystone guideline: > http://docs.openstack.org/developer/keystone/external-auth.html > > > On Wednesday, February 5, 2014 12:25 PM, "Clark, Robert Graham" > <robert.cl...@hp.com> wrote: > On Wed Feb 5 08:34:34 2014, Rob Crittenden wrote: >> Emanuel Marzini wrote: >>> Hi, >>> I have a software that uses Openstack. When it do an action for the >>> first time, it need to get a token from Openstack. How it's possible >>> make a POST request like: >>> >>> '{"auth":{"passwordCredentials":{"username": "joeuser", "password": >>> "secrete"}}}' -H "Content-type: application/json" >>> http://localhost:35357/v2.0/tokens >>> >>> without pass the password in plaintext??? >>> >>> It's possible use PKI, ssl and so on? >> >> The documentation on this is scant but you can start with something like >> http://docs.openstack.org/developer/keystone/configuration.html >> >> You'll need to create new endpoints for the SSL provider and set >> OS_SERVICE_ENDPOINT to the secure version. >> >> If you want to disable/remove the unsecure ports things get rather >> interesting as you'll need to configure all the other services to use >> this as well. I don't know how well or if that actually works everywhere. >> >> rob >> > > You might find some of the guidance from the OpenStack Security Guide > useful too: > http://docs.openstack.org/security-guide/content/ch024_authentication.html > > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
