Oh.. oops. Yeah if that's the case then sorry, you can just ignore me! On Tue, Aug 11, 2015 at 8:39 PM, Tony Breeds <tony at bakeyournoodle.com> wrote: > On Tue, Aug 11, 2015 at 08:24:10PM -0600, Matt Fischer wrote: > > It was covered some here: > > http://lists.openstack.org/pipermail/openstack-dev/2015-July/069658.html > > and some graphs here: http://www.mattfischer.com/blog/?p=672 > > > > tl;dr is that having revoked tokens affects keystone token validation and > > tokens are validated on almost every API call unless you're using some > > caching. > > > > It's not a reason to skip this idea, but its something I'm wary of since > I > > get the call whenever Keystone gets slow. Depending on how many > revocations > > it generates, I might turn it off. To be honest I'm not sure how much > this > > feature is used by our customers. > > Thanks. I *think* we're talking about very different tokens. Stupid > overloading of jargon :( > > The consoleauth token doesn't go near keystone. I'll double check and get > back > to you. > > Yours Tony. > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150811/8e3731de/attachment.html>