I have not finalized testing in this grizzly patchset, I will work on finalizing tests once I am back at home this evening. This fix can be validated by using Steven Hardy's script from #1. I have confirmed this re-enables Impersonation Trusts and fixes the security flaw.
Ok a couple bits of added information.
Grizzly is not affected by this bug to an issue with how impersonation is checked for. As seen here: http:// git.openstack. org/cgit/ openstack/ keystone/ tree/keystone/ token/controlle rs.py?h= stable/ grizzly# n204
we check for the string "True" not the singleton True. This means that impersonation will never work within grizzly and mitigates this problem. This issue was fixed in Havana but never backported.
I have not finalized testing in this grizzly patchset, I will work on finalizing tests once I am back at home this evening. This fix can be validated by using Steven Hardy's script from #1. I have confirmed this re-enables Impersonation Trusts and fixes the security flaw.