Comment 17 for bug 1434034

I already have singed ICLA.
*送信者 :* OpenStack LLC (OpenStack LLC)
*宛先 :* Yukihiro Kawada
*日付 :* 2012-09-11 5:38 PM
*ステータス :* 署名済み
This email is "<email address hidden>".

But we have not singed CCLA yet.

Thank you.

2015-03-27 7:54 GMT+09:00 Morgan Fainberg <email address hidden>:

> Attached is a fix for this issue against Master (Kilo). This is loosely
> based on the ideas from Y.Kawada.
>
> @Y.Kawada, if you have an email (and signed the appropriate CLA/under a
> CCLA) I'd be happy to put you down as a co-author for this fix. Let me
> know either here or on IRC (I'm "morganfainberg" on FreeNode).
>
> ---
>
> This will need to be backported to Juno and Icehouse (if Icehouse has
> not hit actual EOL by the time it's ready)
>
> ** Patch added: "Patch to solve #1434034 for Keystone Master (Kilo)"
>
> https://bugs.launchpad.net/keystone/+bug/1434034/+attachment/4357437/+files/0001-Assert-the-user-and-trustor-are-enabled-when-validat.master.patch
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1434034
>
> Title:
> Even if the user is disabled, can use the last token is validated
>
> Status in OpenStack Identity (Keystone):
> Triaged
> Status in Keystone juno series:
> Triaged
> Status in OpenStack Security Advisories:
> Incomplete
>
> Bug description:
> Even if the user is disabled, can use the last token is validated.
>
> 0. user foo is enable
> 1. get token (a)
> 2. user foo is disabled
> 3. foo can still use any APIs by token(a)
>
> that's all.
> This issue is not cache process.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/keystone/+bug/1434034/+subscriptions
>

--
===
Yukihiro KAWADA