Does creating a new token on request invalidate the already issued (Still valid) tokens? On 10/05/2013 00:44, "Bhandaru, Malini K" <malini.k.bhandaru at intel.com> wrote: >Greetings!! > >Does anyone know why keystone design supports the creation of a fresh >token for each time a user logs-in/requests a token >Even if in the system there are un-expired tokens for the said user? >Design justification? >Apart from buggy code creating an explosion of tokens, this is a route >for denial of service. >Related bugs .. > >https://bugs.launchpad.net/keystone/+bug/1168399 >https://bugs.launchpad.net/keystone/+bug/1178063 > >Regards >Malini > > > >_______________________________________________ >Openstack-security mailing list >Openstack-security at lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security