Comment 3 for bug 1299146

Alistair Coles (alistair-coles) wrote :

Point of clarification: the vulnerability is only exposed when authtoken middleware is configured to use keystone v3 API.

When authtoken uses keystone V2 API, users in domains other than the default are not authenticated.

When authtoken is configured to use keystone V3 API, users in other domains may be authenticated, but keystoneauth in swift is unaware of the multiple domains when matching users to ACL entries.
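Added example, not part of the comment above and not Swift's keystoneauth code: a simplified Python model of the failure mode the comment describes, with a domain-unaware ACL match beside one possible domain-aware check. The `project_name:user_name` ACL entry form, the `Identity` fields, the `default` domain id and all sample values are assumptions made up for illustration.

```python
# Added illustration: a simplified model, not Swift's keystoneauth code.
from dataclasses import dataclass

DEFAULT_DOMAIN_ID = "default"  # assumed id of the default keystone domain


@dataclass(frozen=True)
class Identity:
    """Fields a v3 token could carry (constructed; names are hypothetical)."""
    user_id: str
    user_name: str
    user_domain_id: str
    project_id: str
    project_name: str
    project_domain_id: str


def name_only_match(identity, acl):
    """Domain-unaware check: compares names only, as the comment describes."""
    entry = f"{identity.project_name}:{identity.user_name}"
    return entry in acl


def domain_aware_match(identity, acl):
    """Hardened variant (assumed design): ids always match; names match
    only when both user and project are in the default domain."""
    if f"{identity.project_id}:{identity.user_id}" in acl:
        return True
    in_default = (identity.user_domain_id == DEFAULT_DOMAIN_ID
                  and identity.project_domain_id == DEFAULT_DOMAIN_ID)
    return in_default and name_only_match(identity, acl)


# Constructed sample data: same names, different domains, different ids.
ACL = {"acme:alice"}  # container ACL written with names
ALICE_DEFAULT = Identity("u-1", "alice", "default", "p-1", "acme", "default")
ALICE_OTHER = Identity("u-2", "alice", "d-other", "p-2", "acme", "d-other")
ID_ACL = {"p-2:u-2"}  # ACL written with ids for the non-default domain


def evaluate():
    """Return (name_only, domain_aware) decisions for both identities."""
    return {
        who: (name_only_match(ident, ACL), domain_aware_match(ident, ACL))
        for who, ident in (("default", ALICE_DEFAULT), ("other", ALICE_OTHER))
    }


if __name__ == "__main__":
    for who, decisions in evaluate().items():
        print(who, decisions)
```

With names alone, both identities satisfy the same ACL entry; the domain-aware variant grants the non-default-domain user access only through an id-based entry such as the one in `ID_ACL`.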