[Openstack] Keystone, LDAP & Token behaviour

Michael Hearn mrhearn at gmail.com
Wed May 21 14:48:31 UTC 2014


Keystone gurus,
Can you help put me straight on expected Authentication behaviour when
using an LDAP identity backend.
In the scenario where a user is granted a token (keystone token-get) should
they not be able to make repeated API calls, e.g  *glance --os-auth-token
xxxxxxx image-list * until the token expires?

I ask as using *tcpdump* I am seeing AuthN traffic between keystone and
LDAP each time I execute an API call - a call that includes an unexpired
token.
I was assuming that by using an unexpired token a user avoids having to
make an AuthN call.  Is that not the case?

Cheers
Mike.

Am using icehouse with token format set to PKI , caching enabled (memcached
)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140521/6ac900a7/attachment.html>


More information about the Openstack mailing list