[Openstack] Keystone, LDAP & Token behaviour
Michael Hearn
mrhearn at gmail.com
Wed May 21 14:48:31 UTC 2014
Keystone gurus,
Can you help put me straight on expected Authentication behaviour when
using an LDAP identity backend.
In the scenario where a user is granted a token (keystone token-get) should
they not be able to make repeated API calls, e.g *glance --os-auth-token
xxxxxxx image-list * until the token expires?
I ask as using *tcpdump* I am seeing AuthN traffic between keystone and
LDAP each time I execute an API call - a call that includes an unexpired
token.
I was assuming that by using an unexpired token a user avoids having to
make an AuthN call. Is that not the case?
Cheers
Mike.
Am using icehouse with token format set to PKI , caching enabled (memcached
)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140521/6ac900a7/attachment.html>
More information about the Openstack
mailing list