Please note that the behaviour is not enabled by default, as enabling it opens a security hole. To enable it, you need to set [federation]/cache_group_membership_in_db=True in /etc/keystone/keystone.conf and restart the apache2 service. I will write a standalone comment describing the vulnerability and how to mitigate it.
Robert, MOS OpenStack source repositories were always closed for people outside of Mirantis. On the other hand, OpenStack packages (specs) and dependencies repos are open. E.g. /review. fuel-infra. org/#/admin/ projects/ openstack- build/keystone- build /review. fuel-infra. org/#/admin/ projects/ packages/ trusty/ rabbitmq- server
https:/
https:/
But you may consume the resulting packages. If I am not mistaken, 9.3.0-3~u14.04+mos7 packages from the following mirror should contain the fix http:// mirror. fuel-infra. org/mos- repos/ubuntu/ snapshots/ 9.0-2017- 04-03-122420/ pool/main/ k/keystone/
Please note that the behaviour is not enabled by default, as enabling it opens a security hole. To enable it, you need to set [federation] /cache_ group_membershi p_in_db= True in /etc/keystone/ keystone. conf and restart the apache2 service. I will write a standalone comment describing the vulnerability and how to mitigate it.