To make the WMF more resilient to compromise, move all password hashes for CentralAuth accounts out of the main centralauth database and into a database only accessible from a single authentication service.
The service will need to handle,
- Password authentication
- by implication, it will need to handle new account creation and password resets too
- Creating and authenticating temporary / forgotten-password tokens
- (possibly) tokens
- (possibly) alerting on anomalous request behavior
The service should store password hashes in a format that is no weaker than they are currently stored in CentralAuth.
The service needs high availability (since it will be used for password logins, and possibly token logins)
- Anticipated load: https://grafana.wikimedia.org/dashboard/db/authentications (<50 minute)