OpenStack Identity (keystone)

Default to PKI tokens

Bug #1063852 reported by Adam Young on 2012-10-08

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	High	Joseph Heck	OpenStack Identity (keystone) 2013.1 "grizzly"

Bug Description

Currently the default is UUID tokens. Switch this to PKI tokens.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-10-08: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/14167

Changed in keystone:
status:	New → In Progress

Dan Prince (dan-prince) on 2012-10-08

Changed in keystone:
assignee:	nobody → Adam Young (ayoung)
importance:	Undecided → High

Revision history for this message

Boden R (boden) wrote on 2012-10-08:

If PKI is used by default, will we ship a 'default' set of certs or will we update the docs to inform the user that PKI is the default and they need to generate the appropriate cert artifacts?

OpenStack Infra (hudson-openstack) on 2012-10-19

Changed in keystone:
assignee:	Adam Young (ayoung) → Joseph Heck (heckj)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-10-23: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/14167
Committed: http://github.com/openstack/keystone/commit/cb122095cfdbe86bdde3950fa69f4676e0d3de1c
Submitter: Jenkins
Branch: master

commit cb122095cfdbe86bdde3950fa69f4676e0d3de1c
Author: Adam Young <email address hidden>
Date: Mon Oct 8 11:20:24 2012 -0400

Fixes Bug 1063852

    Add in the issue time, to prevent a race condition where a token is issued and
    revoked, and then a request for an additional token is processed identical
    to the first. Each token now contains the issue time to make it unique.

(moving changing default to PKI to separate review)

Change-Id: I26ed5b3bb31840f5baaf64dbcbeac477e4d71afd

Changed in keystone:
status:	In Progress → Fix Committed

Joseph Heck (heckj) on 2012-11-20

Changed in keystone:
milestone:	none → grizzly-1

Thierry Carrez (ttx) on 2012-11-22

Changed in keystone:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-04-04

Changed in keystone:
milestone:	grizzly-1 → 2013.1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.