openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #24049
Re: Keystone 8K header size limit
-
To:
Dolph Mathews <dolph.mathews@xxxxxxxxx>, openstack <openstack@xxxxxxxxxxxxxxxxxxx>
-
From:
"Miller, Mark M (EB SW Cloud - R&D - Corvallis)" <mark.m.miller@xxxxxx>
-
Date:
Wed, 29 May 2013 20:00:02 +0000
-
Accept-language:
en-US
-
Cc:
"Brownell, Jonathan C \(Corvallis\)" <brownell@xxxxxx>
-
In-reply-to:
<CAC=h7gWJijCJSJpmPG4-jLeAbz+HJHq=ZFwJ6EB-FobkGKoZ7g@mail.gmail.com>
-
Thread-index:
Ac5cmT/yAUPZCdaNSX2nrET2ZBpr+gADTBsAAAAnw9A=
-
Thread-topic:
Keystone 8K header size limit
Thank you Dolph.
Mark
From: Dolph Mathews [mailto:dolph.mathews@xxxxxxxxx]
Sent: Wednesday, May 29, 2013 12:55 PM
To: Miller, Mark M (EB SW Cloud - R&D - Corvallis); openstack
Cc: Yee, Guang
Subject: Re: Keystone 8K header size limit
Apologies, none of these configuration settings were documented in etc/keystone.conf.sample. The last one is the one that controls this behavior.
[DEFAULT]
# enforced by sizelimit middleware (keystone.middleware:RequestBodySizeLimiter)
max_request_body_size = 114688
# limit the sizes of user & tenant ID/names
max_param_size = 64
# similar to max_param_size, but provides an exception for token values
max_token_size = 8192
I also put these docs up for review: https://review.openstack.org/30932
-Dolph
On Wed, May 29, 2013 at 1:23 PM, Miller, Mark M (EB SW Cloud - R&D - Corvallis) <mark.m.miller@xxxxxx<mailto:mark.m.miller@xxxxxx>> wrote:
Hi Guang,
We are running into a problem with PKI tokens being greater than 8K and having Keystone not able to validate them. Do you know of a workaround?
Mark
References
