Comment 2 for bug 1179955

Chmouel Boudjnah (chmouel) wrote :

FYI: I have just figured out that my tokens were stored in mysql DB so clearing them (or using memcached tokens) would get the tokens properly invalided after update.

I still believe there is a bug that we need to delete the token belonging to the tenants when we update it in :

https://github.com/openstack/keystone/blob/master/keystone/identity/controllers.py#L108

like done for users :

https://github.com/openstack/keystone/blob/master/keystone/identity/controllers.py#L220

I think we can remove the security issue tag (but that's definitvely a bug) since this can be workarounded but I would like some feedback from keystone core devs first.