Comment 40 for bug 1434034
Revision history for this message
| Morgan Fainberg (mdrnstm) wrote Re: Even if the user is disabled, can use the last token is validated | #40 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
There is no good way to solve this for PKI. I would actually say pki is more insecure today than uuid/Fernet. I actively recommend that PkI tokens are not used.
Federated is more of an accepted risk: we have an open BP / RFE to handle the standard ways of disable/