Chapter 18. Identity in OpenStack Security Guide -> Service Authorization - current - confusing paragraph
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openstack-manuals |
Fix Released
|
Low
|
zhangtralon |
Bug Description
Section: Service Authorizationt, last paragraph
This paragraph is confusing or at least awkward. It could be more precise:
For client authentication with SSL, you need to issue certificates. These certificates can be signed by an external authority or by the cloud administrator. OpenStack services by default check the signatures of certificates and connections fail if the signature cannot be checked. If the administrator uses self-signed certificates, the check might need to be disabled. To disable these certificates, set insecure=False in the [filter:authtoken] section in the /etc/nova/
Consider the following:
Client authentication with SSL requires certificates be issued to services. These certificates can be signed by an external or internal certificate authority. OpenStack services check the validity of certificate signatures against trusted CAs by default and connections will fail if the signature is not valid or the CA is not trusted. Cloud deployers may use self-signed certificates. In this case, the validity check must disabled or the certificate marked as trusted. To disable validation of self-signed certificates set insecure=False in the [filter:authtoken] section of the /etc/nova/
-------
Built: 2014-07-15T19:04:54 00:00
git SHA: f7711cc343e5042
URL: http://
source File: file:/home/
xml:id: identity
Changed in openstack-manuals: | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in openstack-manuals: | |
assignee: | nobody → zhangtralon (zhangchunlong1) |
Changed in openstack-manuals: | |
status: | Confirmed → In Progress |
Reviewed: https:/ /review. openstack. org/107928 /git.openstack. org/cgit/ openstack/ security- doc/commit/ ?id=ceb403038bf 92865f001590b1a 2268cb08fe2b3f
Committed: https:/
Submitter: Jenkins
Branch: master
commit ceb403038bf9286 5f001590b1a2268 cb08fe2b3f
Author: zhangtralon <email address hidden>
Date: Fri Jul 18 16:22:14 2014 +0800
last section in Service Authorization is confusing
the last paragraph in Service Authorization is confusing or at least
awkward.
Change-Id: I3f0c8454baf9d9 66cf6c0b7828f80 cc5b37c9620
Closes-Bug: 1342365