[Openstack-security] [openstack/keystone] SecurityImpact review request change If698fc1d0751cded556825b081539da4dd51275e
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu Jun 12 22:35:21 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/95989
Log:
commit 6e39f581fd78407493658b6260b3683e9de7dfee
Author: Adam Young <ayoung at redhat.com>
Date: Tue May 27 21:51:12 2014 -0400
Kerberos as method name
To date kerberos has been supported by the "external" method
name. However, the Client plugin architecture needs to refer to the
method name , and we do not want to expose to the client the
difference between kerberos as performed by an external module or
an eventual kerberos-in-eventlet style implementation.
If the "external" plugin is missing, the old code would throw an
exception attempting to process "REMOTE_USER" behavior. If only
'Kerberos" is specified, this is checked and skipped.
Blueprint: kerberos-authentication
SecurityImpact: Minimal, as Kerberos is already used via external,
this just changes the main way it is named.
Change-Id: If698fc1d0751cded556825b081539da4dd51275e
More information about the Openstack-security
mailing list