openstack team mailing list archive

Thread
Date

Re: Keystone 8K header size limit

To: "Miller, Mark M (EB SW Cloud - R&D - Corvallis)" <mark.m.miller@xxxxxx>, openstack <openstack@xxxxxxxxxxxxxxxxxxx>
From: Dolph Mathews <dolph.mathews@xxxxxxxxx>
Date: Wed, 29 May 2013 14:55:16 -0500
In-reply-to: <D6182642CE6D2D4FBFCDF99946E249883B31C7E9@G4W3299.americas.hpqcorp.net>

Apologies, none of these configuration settings were documented in
etc/keystone.conf.sample. The last one is the one that controls this
behavior.

  [DEFAULT]

  # enforced by sizelimit middleware
(keystone.middleware:RequestBodySizeLimiter)
  max_request_body_size = 114688

  # limit the sizes of user & tenant ID/names
  max_param_size = 64

  # similar to max_param_size, but provides an exception for token values
  max_token_size = 8192

I also put these docs up for review: https://review.openstack.org/30932

-Dolph

On Wed, May 29, 2013 at 1:23 PM, Miller, Mark M (EB SW Cloud - R&D -
Corvallis) <mark.m.miller@xxxxxx> wrote:

>  Hi Guang,
>
> We are running into a problem with PKI tokens being greater than 8K and
> having Keystone not able to validate them. Do you know of a workaround?
>
> Mark
>
>

Follow ups

Re: Keystone 8K header size limit
From: Miller, Mark M (EB SW Cloud - R&D - Corvallis), 2013-05-29