On Tue, Aug 11, 2015 at 08:24:10PM -0600, Matt Fischer wrote: > It was covered some here: > http://lists.openstack.org/pipermail/openstack-dev/2015-July/069658.html > and some graphs here: http://www.mattfischer.com/blog/?p=672 > > tl;dr is that having revoked tokens affects keystone token validation and > tokens are validated on almost every API call unless you're using some > caching. > > It's not a reason to skip this idea, but its something I'm wary of since I > get the call whenever Keystone gets slow. Depending on how many revocations > it generates, I might turn it off. To be honest I'm not sure how much this > feature is used by our customers. Thanks. I *think* we're talking about very different tokens. Stupid overloading of jargon :( The consoleauth token doesn't go near keystone. I'll double check and get back to you. Yours Tony. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150812/34289b57/attachment.pgp>