<div style="text-align:left">In short, PKI tokens are able to be validated client-side, reducing network chattiness with keystone, etc.</div><div style="text-align:left"><br></div><div style="text-align:left">Although PKI was implemented in Folsom, it wasn't shipped as the default. Our goal in changing the default now is to flush out any issues as early in the Grizzly cycle as possible.</div>
<div style="text-align:left"><br></div><div style="text-align:left">If you're having any issues with PKI tokens, you can A) file bugs as appropriate (please!), and B) switch back to UUID tokens by changing [signing] token_format in keystone.conf from 'PKI' back to 'UUID'.</div>
<div><br></div>-Dolph<br>
<br><br><div class="gmail_quote">On Thu, Oct 25, 2012 at 7:52 AM, David Kranz <span dir="ltr">&lt;<a href="mailto:david.kranz@qrclab.com" target="_blank">david.kranz@qrclab.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
On 10/25/2012 1:13 AM, Daryl Walleck wrote:
<blockquote type="cite">
<div style="direction:ltr;font-size:10pt;font-family:Tahoma">While spinning up a new devstack
tonight I noticed some very odd behavior. Keystone is suddenly
giving me back a 3000+ character auth token, and the ids for
flavors I'm creating are extremely large ints (uuids I could
see, but not this). Does anyone have any insight into if either
of these changes were intentional?
<div><br>
</div>
<div>Daryl</div>
</div>
</blockquote>
I think that must be a result of
<a href="https://review.openstack.org/#/c/14577/" target="_blank">https://review.openstack.org/#/c/14577/</a> which changed the keystone
default to use PKI "tokens". <br>
Could someone from the keystone team explain any implication of
this?<span class="HOEnZb"><font color="#888888"><br>
<br>
-David<br>
</font></span></div>
<br></blockquote></div><br>
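<div style="text-align:left">The client-side validation mentioned in the reply above, as an added example that is not part of the original thread or of keystone's code: it assumes the <code>openssl</code> command-line tool is installed and models a PKI token as a CMS-signed JSON body, with all file names, certificate names and the token body constructed for the demonstration. It also prints the size of the signed token next to its body, which is why PKI tokens are so much longer than UUID ones.</div>

```shell
#!/bin/sh
# Added illustration: a "PKI" token modelled as a CMS-signed JSON body.
# Directory layout, file names, CNs and the token body are constructed.

# Create a throwaway key and self-signed certificate in dir $1 with CN $2.
make_signer() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/signing_key.pem" -out "$1/signing_cert.pem" 2>/dev/null
}

# Issuer side: sign body file $2 with the key in dir $1, write PEM CMS to $3.
sign_token() {
    openssl cms -sign -in "$2" -signer "$1/signing_cert.pem" \
        -inkey "$1/signing_key.pem" -outform PEM -nodetach -nocerts \
        -noattr -out "$3" 2>/dev/null
}

# Consumer side: check token $2 against the certificate cached in dir $1.
# Prints the token body on success and returns non-zero on failure.
# Nothing here contacts the issuer.
verify_token() {
    openssl cms -verify -in "$2" -inform PEM \
        -certfile "$1/signing_cert.pem" -CAfile "$1/signing_cert.pem" \
        2>/dev/null
}

# Demo with constructed data: one legitimate issuer, one unrelated signer.
demo() {
    work=$(mktemp -d) && mkdir "$work/issuer" "$work/other" || return 1
    make_signer "$work/issuer" constructed-issuer
    make_signer "$work/other" constructed-other
    printf '%s' '{"token":{"id":"constructed","tenant":"demo"}}' > "$work/body.json"
    sign_token "$work/issuer" "$work/body.json" "$work/good.pem"
    sign_token "$work/other" "$work/body.json" "$work/forged.pem"
    echo "body: $(wc -c < "$work/body.json") bytes, signed token: $(wc -c < "$work/good.pem") bytes"
    verify_token "$work/issuer" "$work/good.pem" >/dev/null && echo "good token: accepted"
    verify_token "$work/issuer" "$work/forged.pem" >/dev/null || echo "forged token: rejected"
    rm -rf "$work"
}
demo
```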