yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1263804] [NEW] EC2 token creation no longer possible for admin

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dirk Mueller <1263804@xxxxxxxxxxxxxxxxxx>
Date: Mon, 23 Dec 2013 23:54:08 -0000
Reply-to: Bug 1263804 <1263804@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

with the security fix for "[OSSA 2013-032] Keystone trust circumvention
through EC2-style tokens (CVE-2013-6391)", Bug #1242597, it is no longer
possible to create ec2 credentials with just admin service token +
service endpoint.

Log file gives:

2013-12-23 22:13:12.197 22611 WARNING keystone.common.wsgi [-]
Authorization failed. Could not find token, 120726431688. from
192.168.226.81


where 120... is the admin token.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1263804

Title:
  EC2 token creation no longer possible for admin

Status in OpenStack Identity (Keystone):
  New

Bug description:
  with the security fix for "[OSSA 2013-032] Keystone trust
  circumvention through EC2-style tokens (CVE-2013-6391)", Bug #1242597,
  it is no longer possible to create ec2 credentials with just admin
  service token + service endpoint.

  Log file gives:

  2013-12-23 22:13:12.197 22611 WARNING keystone.common.wsgi [-]
  Authorization failed. Could not find token, 120726431688. from
  192.168.226.81

  
  where 120... is the admin token.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1263804/+subscriptions

Follow ups

[Bug 1263804] Re: EC2 token creation no longer possible for admin
From: Thierry Carrez, 2014-03-26
[Bug 1263804] [NEW] EC2 token creation no longer possible for admin
From: Dirk Mueller, 2013-12-24

References

[Bug 1263804] [NEW] EC2 token creation no longer possible for admin
From: Dirk Mueller, 2013-12-24