Bug #11367

closed

Keystone PKI token expiration is not enforced

Added by Anton Aksola about 9 years ago. Updated over 8 years ago.

Status: Resolved
Priority: High
Assignee:
Target version: -
% Done: 0%
Source: other
Tags:
Backport: hammer, firefly
Regression: No
Severity: 2 - major
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Our customer reported that their tokens do not seem to expire.

It seems that there is no expiration check after decoding a PKI token. While there is an expiration check in the token cache class, it has no effect when dealing with PKI tokens.

I have made a small patch against firefly and it seems to correct the issue in our environment:
https://github.com/aakso/ceph/tree/wip-rgw-pki-token-expire-firefly
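
The pattern described in this report, as an added example that is not part of the original report, the linked patch, or the Ceph code base: a token that can be decoded locally never passes through the cache's expiry check, so expiry has to be enforced on the decoded token itself. All names (`Token`, `decode_pki`, `TokenCache`, `authorize_unchecked`, `authorize_checked`) and the sample tokens are hypothetical, and `decode_pki` is a stand-in for real signature verification and decoding.

```cpp
#include <ctime>
#include <map>
#include <string>

// Hypothetical types for illustration; not taken from the Ceph source tree.
struct Token {
    std::string user;
    std::time_t expires;  // absolute expiry, seconds since the epoch
    bool expired(std::time_t now) const { return now >= expires; }
};

// Stand-in for verifying the signature of a PKI token and decoding its body.
// The two tokens below are constructed sample data.
bool decode_pki(const std::string& raw, Token& out) {
    static const std::map<std::string, Token> signed_tokens = {
        {"pki-fresh", {"alice", 2000}},
        {"pki-stale", {"bob", 1000}},
    };
    auto it = signed_tokens.find(raw);
    if (it == signed_tokens.end()) return false;
    out = it->second;
    return true;
}

class TokenCache {
    std::map<std::string, Token> entries_;
public:
    void add(const std::string& id, const Token& t) { entries_[id] = t; }
    // Expiry is checked here, but only for tokens previously stored in the cache.
    bool find(const std::string& id, std::time_t now) {
        auto it = entries_.find(id);
        if (it == entries_.end()) return false;
        if (it->second.expired(now)) { entries_.erase(it); return false; }
        return true;
    }
};

// Flawed flow: a token that decodes locally is accepted with no expiry check.
bool authorize_unchecked(TokenCache& cache, const std::string& raw, std::time_t now) {
    if (cache.find(raw, now)) return true;
    Token tok;
    return decode_pki(raw, tok);
}

// Corrected flow: expiry is enforced on the decoded token before it is trusted.
bool authorize_checked(TokenCache& cache, const std::string& raw, std::time_t now) {
    if (cache.find(raw, now)) return true;
    Token tok;
    if (!decode_pki(raw, tok) || tok.expired(now)) return false;
    cache.add(raw, tok);
    return true;
}
```

A regression test for this class of bug should present a validly signed but expired token directly to the decode path, since a test that only exercises cached tokens will pass either way.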


Related issues: 2 (0 open, 2 closed)

  • Copied to rgw - Backport #11721: Keystone PKI token expiration is not enforced (Resolved, Nathan Cutler, 04/10/2015)
  • Copied to rgw - Backport #11722: Keystone PKI token expiration is not enforced (Resolved, Abhishek Lekshmanan, 04/10/2015)

Actions #1

Updated by Yehuda Sadeh about 9 years ago

The fix looks correct. Can you send a pull request against the ceph upstream repository, and add a Signed-off-by tag to the commit?

Actions #2

Updated by Loïc Dachary about 9 years ago

  • Status changed from New to Pending Backport
  • Backport set to firefly
Actions #3

Updated by Anton Aksola about 9 years ago

Actions #4

Updated by Loïc Dachary almost 9 years ago

  • Status changed from Pending Backport to In Progress
  • Regression set to No
Actions #5

Updated by Anton Aksola almost 9 years ago

I tested the patch against master snapshot in our QA and it seems to work. Going to resubmit a merge request soon.

Actions #7

Updated by Yehuda Sadeh almost 9 years ago

  • Backport changed from firefly to hammer, firefly
Actions #8

Updated by Yehuda Sadeh almost 9 years ago

  • Status changed from In Progress to Pending Backport
Actions #9

Updated by Yehuda Sadeh almost 9 years ago

  • Assignee set to Loïc Dachary
Actions #10

Updated by Yehuda Sadeh over 8 years ago

  • Status changed from Pending Backport to Resolved