Actions
Bug #11367
closedKeystone PKI token expiration is not enforced
% Done:
0%
Source:
other
Tags:
Backport:
hammer, firefly
Regression:
No
Severity:
2 - major
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Our customer reported that their tokens do not seem to expire.
It seems that there is no expiration check after decoding a PKI token. While there is an expiration check in the token cache class it has no effect when dealing with PKI tokens.
I have made a small patch against firefly and it seems to correct the issue in our environment:
https://github.com/aakso/ceph/tree/wip-rgw-pki-token-expire-firefly
Updated by Yehuda Sadeh about 9 years ago
The fix looks correct. Can you send a pull request against the ceph upstream repository, and add a Signed-off-by tag to the commit?
Updated by Loïc Dachary about 9 years ago
- Status changed from New to Pending Backport
- Backport set to firefly
Updated by Anton Aksola about 9 years ago
- correct patch bug against the wrong branch, needs to be on master https://github.com/ceph/ceph/pull/4429
Updated by Loïc Dachary almost 9 years ago
- Status changed from Pending Backport to In Progress
- Regression set to No
Updated by Anton Aksola almost 9 years ago
I tested the patch against master snapshot in our QA and it seems to work. Going to resubmit a merge request soon.
Updated by Anton Aksola almost 9 years ago
New pull request: https://github.com/ceph/ceph/pull/4617
Updated by Yehuda Sadeh almost 9 years ago
- Backport changed from firefly to hammer, firefly
Updated by Yehuda Sadeh almost 9 years ago
- Status changed from In Progress to Pending Backport
Updated by Yehuda Sadeh over 8 years ago
- Status changed from Pending Backport to Resolved
Actions