On 10/25/2013 11:19 AM, Brian Chong wrote: > Hi, > > I'm trying to figure out if its possible to configure KeyStone tokens > to be one time use. My use case is that when a user requests that they > want to take a action on the platform (i.e.: boot a VM) they aren't > also using that same token to load a image in Glance or delete another > VM, etc. I filed a bug for this feature. https://bugs.launchpad.net/keystone/+bug/1250617 However, not that the feature you are requesting is best supported by trusts in general: you need to split up the roels for each action (create vm, upload image to glance) and then delegate only the roles for the operations desired. > > How would I do that or is that even possible? > > Thanks a lot! > -Brian > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack at lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20131112/e5b243ff/attachment.html>