Document token hash algorithm option
With https://review.openstack.org/#/c/116509/ , django-openstack-auth will support a new option for the token hash algorithm. This adds the documentation to Horizon's local settings example file. This is for security hardening. The token hash algorithm defaults to MD5, which is considered too weak due to the potential for hash collisions. Some security standards require a SHA2 hash algorithm to be used. DocImpact SecurityImpact Change-Id: I6774b9b7215d191259586e4721e357487bb777cd Closes-Bug: #1174499
This commit is contained in:
parent
9f5156cf16
commit
372d033d89
|
@ -687,6 +687,17 @@ Valid values are ``"AUTO"``(default), ``"VNC"``, ``"SPICE"``, ``"RDP"`` and
|
|||
``None``(this latest value is available in version 2014.2(Juno) to allow
|
||||
deactivating the in-browser console).
|
||||
|
||||
``OPENSTACK_TOKEN_HASH_ALGORITHM``
|
||||
----------------------------------
|
||||
|
||||
.. versionadded:: 2014.2(Juno)
|
||||
|
||||
Default: ``"md5"``
|
||||
|
||||
The hash algorithm to use for authentication tokens. This must match the hash
|
||||
algorithm that the identity (Keystone) server and the auth_token middleware
|
||||
are using. Allowed values are the algorithms supported by Python's hashlib
|
||||
library.
|
||||
|
||||
Django Settings (Partial)
|
||||
=========================
|
||||
|
|
|
@ -528,3 +528,10 @@ SECURITY_GROUP_RULES = {
|
|||
# to set this to True if you were running Nova Networking with
|
||||
# auto_assign_floating_ip = True.
|
||||
# SAHARA_AUTO_IP_ALLOCATION_ENABLED = False
|
||||
|
||||
# The hash algorithm to use for authentication tokens. This must
|
||||
# match the hash algorithm that the identity server and the
|
||||
# auth_token middleware are using. Allowed values are the
|
||||
# algorithms supported by Python's hashlib library.
|
||||
# OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5'
|
||||
|
||||
|
|
Loading…
Reference in New Issue