[Openstack-security] [openstack/keystone] SecurityImpact review request change If698fc1d0751cded556825b081539da4dd51275e
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu Jun 19 19:52:18 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/95989
Log:
commit 52cd113433e73f018064455cf4b3e89d31a89b95
Author: Adam Young <ayoung at redhat.com>
Date: Tue May 27 21:51:12 2014 -0400
Kerberos as method name
To date kerberos has been supported by the "external" method
name. However, the Client plugin architecture needs to refer to the
method name, and we do not want to expose to the client the
difference between kerberos as performed by an external module or
an eventual kerberos-in-eventlet style implementation.
If the "external" plugin is missing, the old code would throw an
exception attempting to process "REMOTE_USER" behavior. Now, if only
'kerberos' is specified, this is checked and skipped.
Blueprint: kerberos-authentication
SecurityImpact: Minimal, as Kerberos is already used via external,
this just changes the main way it is named.
Change-Id: If698fc1d0751cded556825b081539da4dd51275e
More information about the Openstack-security
mailing list