yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1202050] Re: Memcache token backend stores entire PKI token in usertoken index

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1202050@xxxxxxxxxxxxxxxxxx>
Date: Wed, 17 Jul 2013 15:20:34 -0000
Reply-to: Bug 1202050 <1202050@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: New => Triaged

** Changed in: keystone
   Importance: Undecided => Medium

** Also affects: keystone/grizzly
   Importance: Undecided
       Status: New

** Changed in: keystone/grizzly
       Status: New => Triaged

** Changed in: keystone/grizzly
   Importance: Undecided => Medium

** Changed in: keystone
       Status: Triaged => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1202050

Title:
  Memcache token backend stores entire PKI token in usertoken index

Status in OpenStack Identity (Keystone):
  Invalid
Status in Keystone grizzly series:
  Triaged

Bug description:
  Following on from:
  http://lists.openstack.org/pipermail/openstack-dev/2013-July/011959.html

  This looks to be fixed on master but Grizzly Keystone is storing the
  entire encoded PKI token in the user index. It only needs to be
  storing the hash. With a PKI token around 4k a user can only create
  256 tokens before the memcache backend hits the page limit of 1MB and
  token creation starts failing for that user.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1202050/+subscriptions