[openstack-dev] [Keystone][Token expiration]
Dolph Mathews
dolph.mathews at gmail.com
Mon Apr 3 12:36:32 UTC 2017
> does it mean that the token now will live forever
No; it behaves as described in the document you linked. If you have any
specific security concerns, please raise them appropriately (such as a
security bug, if necessary).
On Mon, Apr 3, 2017 at 5:27 AM lương hữu tuấn <tuantuluong at gmail.com> wrote:
> Hi keystone folks,
>
> I have had a chance to take a look to this below patch for allowing the
> expired token and it was merged in Octaka:
>
>
> https://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/allow-expired.html
>
> In our project, we also have problem with token expiration when running
> mistral workflow. I have a concern that if this patch works as it does,
> does it mean that the token now will live forever ("forever" seems so
> sloppy, but it seems like the token is no longer expired). In this case, it
> seems not good for security purpose.
>
> Br,
>
> Tuan/Nokia
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
--
-Dolph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170403/a60b99e0/attachment.html>
More information about the OpenStack-dev
mailing list