(Potential #security-team goal for Jan-Mar 2016)
To make the WMF more resilient to compromise, move all password hashes for CentralAuth accounts out of the main centralauth database and into a database only accessible from a single authentication service.
The service will need to handle:
* Password authentication
** by implication, it will need to handle new account creation and password resets too
* Creating and authenticating temporary / forgotten-password tokens
* (possibly) tokens
* (possibly) alerting on anomalous request behavior
The service should store password hashes in a format that is no weaker than the one in which they are currently stored in CentralAuth.
The service needs high availability (since it will be used for password logins, and possibly token logins).
* Anticipated load: https://grafana.wikimedia.org/dashboard/db/authentications (<50 minute)