Merge "Included information about keyring support"

This commit is contained in:
Jenkins 2014-08-29 17:03:03 +00:00 committed by Gerrit Code Review
commit 661e9a981e
2 changed files with 29 additions and 0 deletions

View File

@ -129,4 +129,5 @@ export OS_REGION_NAME=<replaceable>regionName</replaceable></programlisting>
<screen><prompt>$</prompt> <userinput>keystone --os-password <replaceable>PASSWORD</replaceable> service-list</userinput></screen>
<para>Where <replaceable>PASSWORD</replaceable> is your password.</para>
</section>
<xi:include href="../common/section_keystone-keyring-support.xml"/>
</section>

View File

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0"
xml:id="section_keystone-keyring-support">
<title>Keyring support</title>
<para>Keyring is a password management system available in OpenStack.
You can install it using the following command:</para>
<screen><prompt>$</prompt> <userinput>pip install keyring</userinput></screen>
<note>
<para>Keyring is used only if <parameter>--os-use-keyring</parameter>
is specified or if the environment variable
<parameter>OS_USE_KEYRING=true</parameter> is defined.</para>
</note>
<para>A user specifies their username and password credentials to interact
with OpenStack, using any client command. These credentials can be specified
using various mechanisms, namely, the environment variable, or command line argument.
It is not safe to specify the password using either of these methods.</para>
<para>For example, when you specify your password using the command-line client
with the <parameter>--os-password</parameter> argument, anyone with access
to your computer can view it in plain text with the <parameter>ps</parameter>
field.</para>
<para>To avoid storing the password in plain text, you can prompt for the
OpenStack password interactively. Then, the keyring can store the password
and the user can safely retrieve it from their keyring. The encrypted password
is stored in the <filename>~/.openstack-keyring.cfg</filename> file.</para>
</section>