[Openstack-security] [openstack/keystone] SecurityImpact review request change If698fc1d0751cded556825b081539da4dd51275e
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Mon Jun 16 19:41:56 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/95989
Log:
commit 705302663dacc423f5ede440d474356fa5c4cf56
Author: Adam Young <ayoung at redhat.com>
Date: Tue May 27 21:51:12 2014 -0400
Kerberos as method name
To date kerberos has been supported by the "external" method
name. However, the Client plugin architecture needs to refer to the
method name , and we do not want to expose to the client the
difference between kerberos as performed by an external module or
an eventual kerberos-in-eventlet style implementation.
If the "external" plugin is missing, the old code would throw an
exception attempting to process "REMOTE_USER" behavior. If only
'Kerberos" is specified, this is checked and skipped.
Blueprint: kerberos-authentication
SecurityImpact: Minimal, as Kerberos is already used via external,
this just changes the main way it is named.
Change-Id: If698fc1d0751cded556825b081539da4dd51275e
More information about the Openstack-security
mailing list