openstack-qa-team team mailing list archive
-
openstack-qa-team team
-
Mailing list archive
-
Message #00285
Re: [openstack-dev] Changes with ids/uuids?
In short, PKI tokens are able to be validated client-side, reducing network
chattiness with keystone, etc.
Although PKI was implemented in Folsom, it wasn't shipped as the default.
Our goal in changing the default now is to flush out any issues as early in
the Grizzly cycle as possible.
If you're having any issues with PKI tokens, you can A) file bugs as
appropriate (please!), and B) switch back to UUID tokens by changing
[signing] token_format in keystone.conf from 'PKI' back to 'UUID'.
-Dolph
On Thu, Oct 25, 2012 at 7:52 AM, David Kranz <david.kranz@xxxxxxxxxx> wrote:
> On 10/25/2012 1:13 AM, Daryl Walleck wrote:
>
> While spinning up a new devstack tonight I noticed some very odd behavior.
> Keystone is suddenly giving me back a 3000+ character auth token, and the
> ids for flavors I'm creating are extremely large ints (uuids I could see,
> but not this). Does anyone have any insight into if either of these changes
> were intentional?
>
> Daryl
>
>
> I think that must be a result of https://review.openstack.org/#/c/14577/which changed the keystone default to use PKI "tokens".
> Could some one from the keystone team explain any implication of this?
>
> -David
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev@xxxxxxxxxxxxxxxxxxx
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
References