On 12/24/2015 03:20 AM, 大塚元央 wrote:
Hi, Hua.
I agree with you if trust_id is secret.
But I think trust_id is not a secret.
This is not correct. Trust ID is only usable by the trustee user to get
a token, and does not need to be treated as a secret.
User can know trustee_user_name and trustee_password from k8s/swarm
instances.
If user knows about other user's trust_id, user can use a other user's
swift resources.
This wii be a security risk.
Thanks
-yuanying
2015年12月24日(木) 16:49 王华 <[email protected]
<mailto:[email protected]>>:
Hi all,
I want to create a trustee user for each bay [1]. The discussion
for trust is in [2].
Here is my solution:
I don't create a user for each bay. All the bays no matter who
creates it use the same user.
But we create different trust for the user for different bay. The
user can not access any service without the trust id. So there is
no need to create a user for each bay.
[1]https://blueprints.launchpad.net/magnum/+spec/create-trustee-user-for-each-bay
[2]https://review.openstack.org/#/c/254705/
Regards,
Wanghua
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
[email protected]?subject:unsubscribe
<http://[email protected]?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
