yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #15172
[Bug 1121494] Re: [OSSA 2013-005] EC2 authentication does not ensure user or tenant is enabled
Looks like status was missed. Merged properly etc, old bug cleanup
** Changed in: keystone/essex
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1121494
Title:
[OSSA 2013-005] EC2 authentication does not ensure user or tenant is
enabled
Status in OpenStack Identity (Keystone):
Fix Released
Status in Keystone essex series:
Fix Released
Status in Keystone folsom series:
Fix Released
Status in OpenStack Security Advisories:
Fix Released
Bug description:
Keystone does not check whether a user, tenant, or domain is enabled
before authenticating a user using the EC2 api. I've attached three
patches based on Grizzly (master), stable/folsom, and stable/essex.
For the Grizzly patch, I've refactored the code to ensure the same
checks used in token-based auth are checked when using EC2 signature-
based auth.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1121494/+subscriptions