(feature request) allow multiple passwords per user to enable credential rotation

[maplebed]

In order to change a user's password when the clients are distributed and the system is under production load, it is useful to be able to manage multiple passwords per user, to enable a phased change.

• create new password
• change clients configuration
• revoke old password

Amazon describes this process here: http://docs.amazonwebservices.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html#CredentialRotation

[clayg]

This is a neat idea, since it's been awhile I might point out the swift "recently" added support for temp-url-key rotation:

http://docs.openstack.org/developer/swift/misc.html#module-swift.common.middleware.tempurl

^ search for "Key-2"

Tempurl doesn't really solve everything, but it can suite many use cases. e.g.

http://torgomatic.us/blog/2013/05/09/tempurl-tricks-write-only-access-for-backups/

[onovy]

moved here: https://bugs.launchpad.net/swauth/+bug/1516983