[openstack-dev] [Openstack-qa-team] Changes with ids/uuids?
Dolph Mathews
dolph.mathews at gmail.com
Thu Oct 25 13:30:45 UTC 2012
In short, PKI tokens are able to be validated client-side, reducing network
chattiness with keystone, etc.
Although PKI was implemented in Folsom, it wasn't shipped as the default.
Our goal in changing the default now is to flush out any issues as early in
the Grizzly cycle as possible.
If you're having any issues with PKI tokens, you can A) file bugs as
appropriate (please!), and B) switch back to UUID tokens by changing
[signing] token_format in keystone.conf from 'PKI' back to 'UUID'.
-Dolph
On Thu, Oct 25, 2012 at 7:52 AM, David Kranz <david.kranz at qrclab.com> wrote:
> On 10/25/2012 1:13 AM, Daryl Walleck wrote:
>
> While spinning up a new devstack tonight I noticed some very odd behavior.
> Keystone is suddenly giving me back a 3000+ character auth token, and the
> ids for flavors I'm creating are extremely large ints (uuids I could see,
> but not this). Does anyone have any insight into if either of these changes
> were intentional?
>
> Daryl
>
>
> I think that must be a result of https://review.openstack.org/#/c/14577/which changed the keystone default to use PKI "tokens".
> Could some one from the keystone team explain any implication of this?
>
> -David
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121025/aeb7be69/attachment.html>
More information about the OpenStack-dev
mailing list