On Thu, Oct 12, 2017 at 11:49 PM, Puneet Jain <[email protected]> wrote:
> Hi All, > > The OpenStack login screen has just login name and password for > validation. Now, if someone writes a script to perform DoS attacks by > sending a lot of fake login requests, the server will easily become > unavailable. > If you have found an exploit please raise it in launchpad and mark as security bug for the VMT to look at. > I know there is a section in the security page which talks about > multi-factor authentication. However, each organization has to implement > this at their own (Correct me if I am wrong here). > > Questions > > Is there any property based solution to provide multifactor > authentication? Like, the multi-factor implementation would be a part of > OpenStack installation but would be unavailable by default and if an > organization enables that property, they will have the multifactor > authentication enabled. > > I apologize if my question is very basic. I am quite new to OpenStack. > > > So keystone is an *identity service*, it's not positioned as being an *identity provider* (although it can act as a basic provider by using an instance of mariadb, but this is not the norm for production deployments). Instead a typical deployment will have third party systems act as identity provider, and this could be in any form such as LDAP, Active Directory and SAML / OpenID via Federation. The operator would then implement MFA in their chosen identity provider. I recommend a read of this: https://docs.openstack.org/keystone/latest/advanced- topics/federation/federated_identity.html For this reason, its unlikely that Keystone will provide MFA out of the box. > -- > Best > Regards, > Puneet Jain > > <https://www.linkedin.com/pub/puneet-jain/20/917/a54> > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Luke Hinds | NFV Partner Engineering | Office of Technology | Red Hat e: [email protected] | irc: lhinds @freenode | m: +44 77 45 63 98 84 | t: +44 12 52 36 2483
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
