We are not configuring nss as part of the rgw installation when relating with keystone. The consequence is that the RGW is unable to retrieve a list of revoked tokens from keystone and thus cannot remove revoked tokens from its cache. Keystone always encodes and signs the response from .../v2.0/tokens/revoked so we need to configure the 'nss db path'.
More info at http://docs.openstack.org/developer/keystone/api_curl_examples.html#get-tokens-revoked
Also at http://docs.ceph.com/docs/v0.80/radosgw/config/#integrating-with-openstack-keystone
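
A check for the misconfiguration this report describes, as an added example (not code from the report or from the Ceph or Keystone projects): it scans ceph.conf text for sections that set `rgw keystone url` but resolve no `nss db path`, including values inherited from `[client]` or `[global]`. The sample configs, host name and paths are constructed, and the function name is hypothetical.

```python
import configparser
import re

# Constructed sample ceph.conf text; host, fsid and paths are placeholders.
BROKEN = """\
[global]
fsid = 00000000-0000-0000-0000-000000000000

[client.radosgw.gateway]
rgw keystone url = http://keystone.example:35357
rgw keystone token cache size = 500
rgw keystone revocation interval = 600
"""

# Same gateway with the NSS database configured (underscore spelling).
FIXED = BROKEN + "nss_db_path = /var/lib/ceph/nss\n"

# Gateway that inherits the option from [global] instead.
INHERITED = BROKEN.replace(
    "[global]\n", "[global]\nnss db path = /var/lib/ceph/nss\n")


def _norm(key):
    # Ceph accepts option names written with spaces or underscores.
    return re.sub(r"\s+", "_", key.strip())


def rgw_sections_missing_nss(conf_text):
    """Return sections that set 'rgw keystone url' but resolve no 'nss db path'."""
    cp = configparser.ConfigParser(
        delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = _norm
    cp.read_string(conf_text)
    missing = []
    for name in cp.sections():
        if "rgw_keystone_url" not in cp[name]:
            continue
        # A daemon section inherits from its type section and from [global].
        chain = [name, name.split(".")[0], "global"]
        opts = {}
        for sec in reversed(chain):
            if cp.has_section(sec):
                opts.update(cp[sec])
        if not opts.get("nss_db_path", "").strip():
            missing.append(name)
    return missing
```

A non-empty result names the gateway sections that cache Keystone tokens without an NSS database configured for the signed revocation list.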