update auth_token to default signing_dir w/ os USER as suffix
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Adam Young |
Bug Description
Just had a good discussion with ayoung on IRC:
When running multiple Openstack services (Nova, Glance, Swift, etc.) on the same node it is possible to hit permission exceptions when using auth_token middleware with a 'signing_dir' that is the same name across all services. The default name is currently '/tmp/keystone-
Options include:
-Using another one of the keystone auth_token parameters in the name (admin_name *could* be used but it might be a security issue since it contains the name used for auth... probably best to avoid it)
-Adam suggested using the OS 'USERNAME'. Seems like a better solution.
Changed in keystone: | |
status: | New → In Progress |
assignee: | nobody → Dan Prince (dan-prince) |
Changed in keystone: | |
importance: | Undecided → Critical |
importance: | Critical → High |
Changed in keystone: | |
assignee: | Dan Prince (dan-prince) → Adam Young (ayoung) |
Changed in keystone: | |
milestone: | none → folsom-3 |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | folsom-3 → 2012.2 |
Fix proposed to branch: master /review. openstack. org/10560
Review: https:/