author | Brant Knudson <bknudson@us.ibm.com> | 2014-08-24 10:04:10 -0500 |
---|---|---|
committer | Thierry Carrez <thierry@openstack.org> | 2014-10-10 10:59:59 +0200 |
commit | 3a64723917366eff4d8896b2b2d3d82fa462d25d (patch) | |
tree | 529feff36bb3d760b59e92864a1b568aced44f25 | |
parent | 9b0ba951c07af13aa4c386b19876474b971e7946 (diff) | |
download | horizon-3a64723917366eff4d8896b2b2d3d82fa462d25d.tar.gz |
Document token hash algorithm option

With https://review.openstack.org/#/c/116509/ ,
django-openstack-auth will support a new option for the token hash
algorithm. This adds the documentation to Horizon's local settings
example file.

This is for security hardening. The token hash algorithm defaults
to MD5, which is considered too weak due to the potential for hash
collisions. Some security standards require a SHA2 hash algorithm to
be used.

DocImpact
SecurityImpact

Change-Id: I6774b9b7215d191259586e4721e357487bb777cd
Closes-Bug: #1174499
(cherry picked from commit 372d033d89c0f5d305959a6ad5fd3e1159cc91ed)
-rw-r--r-- | doc/source/topics/settings.rst | 11 | ||||
-rw-r--r-- | openstack_dashboard/local/local_settings.py.example | 7 |
2 files changed, 18 insertions, 0 deletions
diff --git a/doc/source/topics/settings.rst b/doc/source/topics/settings.rst index 9e3c4d6b2..7a2aad495 100644 --- a/doc/source/topics/settings.rst +++ b/doc/source/topics/settings.rst @@ -701,6 +701,17 @@ Valid values are ``"AUTO"``(default), ``"VNC"``, ``"SPICE"``, ``"RDP"`` and ``None``(this latest value is available in version 2014.2(Juno) to allow deactivating the in-browser console). +``OPENSTACK_TOKEN_HASH_ALGORITHM`` +---------------------------------- + +.. versionadded:: 2014.2(Juno) + +Default: ``"md5"`` + +The hash algorithm to use for authentication tokens. This must match the hash +algorithm that the identity (Keystone) server and the auth_token middleware +are using. Allowed values are the algorithms supported by Python's hashlib +library. Django Settings (Partial) ========================= diff --git a/openstack_dashboard/local/local_settings.py.example b/openstack_dashboard/local/local_settings.py.example index 08766cfb7..5e988dacc 100644 --- a/openstack_dashboard/local/local_settings.py.example +++ b/openstack_dashboard/local/local_settings.py.example @@ -529,3 +529,10 @@ SECURITY_GROUP_RULES = { # to set this to True if you were running Nova Networking with # auto_assign_floating_ip = True. # SAHARA_AUTO_IP_ALLOCATION_ENABLED = False + +# The hash algorithm to use for authentication tokens. This must +# match the hash algorithm that the identity server and the +# auth_token middleware are using. Allowed values are the +# algorithms supported by Python's hashlib library. +# OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5' + |
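Review bot: In doc/source/topics/settings.rst, the new ``OPENSTACK_TOKEN_HASH_ALGORITHM`` entry gives the default ``"md5"`` and says any hashlib algorithm is allowed, but it never tells the operator why they would change the value or which one to choose. The commit message presents this option as hardening against MD5's collision weakness, so the entry should say that and name a SHA2 value such as ``"sha256"`` as the example, next to the existing requirement that the identity (Keystone) server and the auth_token middleware use the same algorithm. The text also says the values "must match" without describing what an operator sees when they do not; one sentence on that would make a misconfiguration easier to diagnose.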
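Review bot: In openstack_dashboard/local/local_settings.py.example, the commented-out line `# OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5'` only restates the default, so uncommenting it changes nothing, and the comment block above it does not mention that md5 is the weak choice this option exists to replace. Suggest stating in the comment that 'md5' is the default and that a SHA2 algorithm such as 'sha256' should be set once the identity server and the auth_token middleware are configured to use it. The hunk also ends with an added empty line at the end of the file, which can be dropped.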