Memcache token backend stores entire PKI token in usertoken index

Bug #1202050 reported by Kieran Spear
Affects | Status | Importance | Assigned to | Milestone
OpenStack Identity (keystone) | Invalid | Medium | Unassigned |
Grizzly | Won't Fix | Medium | Unassigned |

Bug Description

Following on from:
http://lists.openstack.org/pipermail/openstack-dev/2013-July/011959.html

This looks to be fixed on master but Grizzly Keystone is storing the entire encoded PKI token in the user index. It only needs to be storing the hash. With a PKI token around 4k a user can only create 256 tokens before the memcache backend hits the page limit of 1MB and token creation starts failing for that user.
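
The failure mode described in the report, as an added example (not Keystone's code and not part of the original report): a simplified model of a per-user token index kept in a single memcached item, comparing full token bodies with hashes. The `TinyMemcache` class, the key name, the comma-separated layout, the use of SHA-256 and the random 4096-character tokens are assumptions constructed for the illustration.

```python
import base64
import hashlib
import os

ITEM_LIMIT = 1024 * 1024  # 1 MB per-item limit cited in the report


class TinyMemcache:
    """Constructed stand-in for a memcached client (hypothetical, not a real API)."""
    def __init__(self):
        self.items = {}

    def get(self, key):
        return self.items.get(key)

    def set(self, key, value):
        # Refuse oversized values, as a memcached server does.
        if len(value) > ITEM_LIMIT:
            return False
        self.items[key] = value
        return True


def make_pki_token(size=4096):
    """Constructed sample: random base64 text, about the size of a PKI token."""
    return base64.urlsafe_b64encode(os.urandom(size))[:size].decode("ascii")


def full_token_entry(token):
    return token  # behaviour described in the report: whole token in the index


def hashed_entry(token):
    # Assumption: SHA-256 hex digest as the index entry; any fixed-size hash works.
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def tokens_until_failure(entry_for, max_tokens=2000):
    """Issue tokens for one user; return how many fit before the index write fails."""
    cache, key = TinyMemcache(), "usertokens-demo-user"  # hypothetical key name
    for issued in range(max_tokens):
        entry = entry_for(make_pki_token())
        current = cache.get(key)
        updated = entry if current is None else current + "," + entry
        if not cache.set(key, updated):
            return issued
    return max_tokens


if __name__ == "__main__":
    print(tokens_until_failure(full_token_entry), tokens_until_failure(hashed_entry))
```

With these constructed tokens the full-token index fails after 255 entries, in line with the report's figure of about 256, while 2000 hashed entries occupy roughly 130 KB.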

Dolph Mathews (dolph)
Changed in keystone:
status: New → Triaged
importance: Undecided → Medium
status: Triaged → Invalid
Morgan Fainberg (mdrnstm) wrote :

Grizzly is EOL, won't fix the grizzly branch at this point. Havana and beyond have this fix.
