Comment 25 for bug 1508489

Ok, the situation:

* client app using keystoneclient library tries to do something
* for that it needs a token
* for that it needs a keystone endpoint to request
* now it requests the endpoint from keystone based on its OS_AUTH_URL env var
* keystone returns public_endpoint specified in its config
* client app then tries to request a token using this endpoint
* the endpoint is inaccessible

This can be solved several ways depending on the needs.

So the question is: what is the needed behavior? I can say that ks and ksc work as designed, so if we want to change something, it will not be a bug fix.