Comment 9 for bug 1202952
Revision history for this message
| Thierry Carrez (ttx) wrote Re: PKI tokens are never revoked using memcache token backend | #9 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Looks like this will need an OSSA in all cases.
If I understand the comments correctly, the issue is that the server in some cases (grizzly/memcache at least, not sure about others... please re-precise) returns full token instead of token id in the check, which breaks Keystone middleware revocation.
If that's correct, I suppose we could fix it directly on the server side because it's a bit unlikely that another client would have relied on that wrong answer.. The alternative is to not fix it in Grizzly, support both forms in the middleware/client side and introduce the fix only in Havana...