Bug #11367: Keystone PKI token expiration is not enforced - rgw - Ceph

Actions

Copy link

Bug #11367

closed

Keystone PKI token expiration is not enforced

Added by Anton Aksola about 9 years ago. Updated over 8 years ago.

Status:

Resolved

Priority:

High

Assignee:

Loïc Dachary

Target version:

% Done:

Source:

other

Tags:

Backport:

hammer, firefly

Regression:

Severity:

2 - major

Reviewed:

Affected Versions:

ceph-qa-suite:

Pull request ID:

Crash signature (v1):

Crash signature (v2):

Description

Our customer reported that their tokens do not seem to expire.

It seems that there is no expiration check after decoding a PKI token. While there is an expiration check in the token cache class it has no effect when dealing with PKI tokens.

I have made a small patch against firefly and it seems to correct the issue in our environment:
https://github.com/aakso/ceph/tree/wip-rgw-pki-token-expire-firefly

Related issues 2 (0 open — 2 closed)

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

	Copied to rgw - Backport #11721: Keystone PKI token expiration is not enforced	Resolved	Nathan Cutler	04/10/2015			Actions
	Copied to rgw - Backport #11722: Keystone PKI token expiration is not enforced	Resolved	Abhishek Lekshmanan	04/10/2015			Actions

Project

General

Profile

Ceph » rgw

Custom queries

Bug #11367

Keystone PKI token expiration is not enforced

Updated by Yehuda Sadeh about 9 years ago

Updated by Loïc Dachary about 9 years ago

Updated by Anton Aksola about 9 years ago

Updated by Loïc Dachary almost 9 years ago

Updated by Anton Aksola almost 9 years ago

Updated by Anton Aksola almost 9 years ago

Updated by Yehuda Sadeh almost 9 years ago

Updated by Yehuda Sadeh almost 9 years ago

Updated by Yehuda Sadeh almost 9 years ago

Updated by Yehuda Sadeh over 8 years ago