[Openstack] One Time Keystone Use Tokens?
Adam Young
ayoung at redhat.com
Mon Nov 11 18:00:11 UTC 2013
I think we need to look into using a trust for this instead of a Token hand-off. The need for one user or limited use trusts has come up multiple times. That coupled with a very short lived token (5 minutes) is probably a better solution.
----- Original Message -----
From: "Adam Young" <ayoung at redhat.com>
To: openstack at lists.openstack.org
Sent: Friday, October 25, 2013 9:06:29 PM
Subject: Re: [Openstack] One Time Keystone Use Tokens?
On 10/25/2013 04:03 PM, Ali, Haneef wrote:
I don’t think it is possible. Can’t you revoke the token after VM boot?
Yes, but I would not recommend doing that. You would have to modify every place that used tokens. Youncould make the token timeout very short, but it will break on any long running tasks.
Thanks
Haneef
From: Brian Chong [ mailto:Brian_Chong at symantec.com ]
Sent: Friday, October 25, 2013 8:19 AM
To: openstack at lists.openstack.org
Subject: [Openstack] One Time Keystone Use Tokens?
Hi,
I'm trying to figure out if its possible to configure KeyStone tokens to be one time use. My use case is that when a user requests that they want to take a action on the platform (i.e.: boot a VM) they aren't also using that same token to load a image in Glance or delete another VM, etc.
How would I do that or is that even possible?
Thanks a lot!
-Brian
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack at lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack at lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
More information about the Openstack
mailing list