Comment 2 for bug 1166670

Dolph Mathews (dolph) wrote : Re: Deleted user can still create instances

Deleting a user should result in all of the user's tokens being revoked, which should be recognized by the auth_token middleware (either by revocation list for PKI or by calling keystone per token for UUID), causing subsequent requests by the user to result in 401s.

Can you confirm:

- which type of tokens are in use, UUID or PKI?
- which middleware is protecting nova? keystone.middleware.auth_token or keystoneclient.middleware.auth_token?
- how is the middleware configured? specifically interested in revocation_cache_time if set, which should default to 1 second
- which release/branch of keystone is this occurring on?
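
The PKI path described in the comment above, modelled as an added example (not keystone's or keystoneclient's code, and not part of the original comment): a revocation list cached for `revocation_cache_time` seconds leaves a window in which a deleted user's token is still accepted. The class, the function names, the token id and the timings are constructed for illustration.

```python
class RevocationListCache:
    """Simplified model of a middleware that checks PKI tokens against a
    revocation list it re-fetches only every `revocation_cache_time` seconds."""

    def __init__(self, fetch_revoked, revocation_cache_time, clock):
        self._fetch = fetch_revoked        # stands in for the call to keystone
        self._ttl = revocation_cache_time
        self._clock = clock                # injected so the model is deterministic
        self._cached = set()
        self._fetched_at = None

    def _revoked(self):
        now = self._clock()
        if self._fetched_at is None or now - self._fetched_at >= self._ttl:
            self._cached = set(self._fetch())   # snapshot of the list
            self._fetched_at = now
        return self._cached

    def status_for(self, token_id):
        """HTTP status the protected service would return for this token."""
        return 401 if token_id in self._revoked() else 200


def first_rejection(revocation_cache_time, deleted_at=0.5, step=0.5, until=10.0):
    """Time (seconds) of the first 401 when the user is deleted at
    `deleted_at` and keeps sending one request every `step` seconds."""
    now = [0.0]
    revoked = set()                        # keystone's revocation list (model)
    cache = RevocationListCache(lambda: revoked, revocation_cache_time,
                                clock=lambda: now[0])
    token_id = "constructed-token-id"      # constructed sample value
    cache.status_for(token_id)             # request at t=0 warms the cache
    while now[0] < until:
        now[0] += step
        if now[0] >= deleted_at:
            revoked.add(token_id)          # user deleted, token revoked
        if cache.status_for(token_id) == 401:
            return now[0]
    return None                            # never rejected within `until`


if __name__ == "__main__":
    for ttl in (0, 1, 5):
        print(f"revocation_cache_time={ttl}: first 401 at t={first_rejection(ttl)}s")
```

When triaging a report like this one, compare the observed delay before the first 401 with the configured cache time: a delay well beyond it points away from the cache and toward revocation not happening or not being checked.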