Comment 4 for bug 1129713

Adam Young (ayoung) wrote : Re: Validation of PKI tokens bypasses revocation check

The default behaviour in Folsom is for Keystone to still hand out UUID tokens, so this code path is not hit by default.

The auth-token middleware has access to a configuration option which says "always verify online," which is not set by default, so even if the user switched over to PKI tokens, they would not get that option, and this path would not be hit.

It would require setting both the Keystone server to hand out PKI tokens, and the services that consume auth_token middleware to verify online in order to execute this path.