<div>
This is one reason to use the memcached backend. Why replicate these tokens in the first place.
</div>
<div></div>
<p style="color: #A0A0A8;">On Tuesday, January 27, 2015 at 10:21 AM, Clint Byrum wrote:</p>
<blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">
<span><div><div><div><br></div><div>Excerpts from Tim Bell's message of 2015-01-25 22:10:10 -0800:</div><blockquote type="cite"><div><div>This is often mentioned as one of those items which catches every OpenStack cloud operator at some time. It's not clear to me that there could not be a scheduled job built into the system with a default frequency (configurable, ideally).</div><div><br></div><div>If we are all configuring this as a cron job, is there a reason that it could not be built into the code ?</div></div></blockquote><div>It has come up before.</div><div><br></div><div>The main reason not to build it into the code as it's even better to</div><div>just _never store tokens_:</div><div><br></div><div><a href="https://blueprints.launchpad.net/keystone/+spec/non-persistent-tokens">https://blueprints.launchpad.net/keystone/+spec/non-persistent-tokens</a></div><div><a href="http://git.openstack.org/cgit/openstack/keystone-specs/plain/specs/juno/non-persistent-tokens.rst">http://git.openstack.org/cgit/openstack/keystone-specs/plain/specs/juno/non-persistent-tokens.rst</a></div><div><br></div><div>or just use certs:</div><div><br></div><div><a href="https://blueprints.launchpad.net/keystone/+spec/keystone-tokenless-authz-with-x509-ssl-client-cert">https://blueprints.launchpad.net/keystone/+spec/keystone-tokenless-authz-with-x509-ssl-client-cert</a></div><div><br></div><div>The general thought is that putting lots of things in the database that</div><div>don't need to be stored anywhere is a bad idea. The need for the cron</div><div>job is just a symptom of that bug.</div><div><br></div><div>__________________________________________________________________________</div><div>OpenStack Development Mailing List (not for usage questions)</div><div>Unsubscribe: <a href="mailto:OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a></div><div><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></div></div></div></span>
</blockquote>
<div>
<br>
</div>