Actions
Bug #11367
closedKeystone PKI token expiration is not enforced
% Done:
0%
Source:
other
Tags:
Backport:
hammer, firefly
Regression:
No
Severity:
2 - major
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Our customer reported that their tokens do not seem to expire.
It seems that there is no expiration check after decoding a PKI token. While there is an expiration check in the token cache class it has no effect when dealing with PKI tokens.
I have made a small patch against firefly and it seems to correct the issue in our environment:
https://github.com/aakso/ceph/tree/wip-rgw-pki-token-expire-firefly
Actions