← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1121494] Re: [OSSA 2013-005] EC2 authentication does not ensure user or tenant is enabled

 

Looks like status was missed. Merged properly etc, old bug cleanup

** Changed in: keystone/essex
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1121494

Title:
  [OSSA 2013-005] EC2 authentication does not ensure user or tenant is
  enabled

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone essex series:
  Fix Released
Status in Keystone folsom series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released

Bug description:
  Keystone does not check whether a user, tenant, or domain is enabled
  before authenticating a user using the EC2 api.  I've attached three
  patches based on Grizzly (master), stable/folsom, and stable/essex.
  For the Grizzly patch, I've refactored the code to ensure the same
  checks used in token-based auth are checked when using EC2 signature-
  based auth.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1121494/+subscriptions