[Openstack-security] [openstack/keystone] SecurityImpact review request change If698fc1d0751cded556825b081539da4dd51275e
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu Jun 19 20:59:27 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/95989
Log:
commit 37d133aa2ee455caec80bdadbd102b0568f0c00f
Author: Adam Young <ayoung at redhat.com>
Date: Tue May 27 21:51:12 2014 -0400
Kerberos as method name
To date kerberos has been supported by the "external" method
name. However, the Client plugin architecture needs to refer to the
method name, and we do not want to expose to the client the
difference between kerberos as performed by an external module or
an eventual kerberos-in-eventlet style implementation.
If the "external" plugin is missing, the old code would throw an
exception attempting to process "REMOTE_USER" behavior. Now, if only
'kerberos' is specified, this is checked and skipped.
Blueprint: kerberos-authentication
SecurityImpact: Minimal, as Kerberos is already used via external,
this just changes the main way it is named.
Change-Id: If698fc1d0751cded556825b081539da4dd51275e
More information about the Openstack-security
mailing list