Memcache token backend stores entire PKI token in usertoken index
Bug #1202050 reported by
Kieran Spear
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Invalid
|
Medium
|
Unassigned | ||
Grizzly |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
Following on from:
http://
This looks to be fixed on master but Grizzly Keystone is storing the entire encoded PKI token in the user index. It only needs to be storing the hash. With a PKI token around 4k a user can only create 256 tokens before the memcache backend hits the page limit of 1MB and token creation starts failing for that user.
Changed in keystone: | |
status: | New → Triaged |
importance: | Undecided → Medium |
status: | Triaged → Invalid |
To post a comment you must log in.
Grizzly is EOL, wont fix the grizzly branch at this point. Havana and beyond have this fix.