OpenStack Security Notes

  1. Bug #1434034
  2. Comment #16

Comment 16 for bug 1434034

Revision history for this message
Guang Yee (guang-yee) wrote : Re: Even if the user is disabled, can use the last token is validated

Can we do the fix at the driver?

https://github.com/openstack/keystone/blob/master/keystone/identity/core.py#L754

Like

if enabled_change or user.get('password') is not None or user['enabled'] is False:
    self.emit_invalidate_user_token_persistence(user_id)