Memcache token backend stores entire PKI token in usertoken index

Bug #1202050 reported by Kieran Spear on 2013-07-17
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Medium
Unassigned
Grizzly
Medium
Unassigned

Bug Description

Following on from:
http://lists.openstack.org/pipermail/openstack-dev/2013-July/011959.html

This looks to be fixed on master but Grizzly Keystone is storing the entire encoded PKI token in the user index. It only needs to be storing the hash. With a PKI token around 4k a user can only create 256 tokens before the memcache backend hits the page limit of 1MB and token creation starts failing for that user.

Dolph Mathews (dolph) on 2013-07-17
Changed in keystone:
status: New → Triaged
importance: Undecided → Medium
status: Triaged → Invalid
Morgan Fainberg (mdrnstm) wrote :

Grizzly is EOL, wont fix the grizzly branch at this point. Havana and beyond have this fix.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers