yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1202050] Re: Memcache token backend stores entire PKI token in usertoken index

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Morgan Fainberg <morgan.fainberg@xxxxxxxxx>
Date: Wed, 04 Jun 2014 23:37:03 -0000
Reply-to: Bug 1202050 <1202050@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Grizzly is EOL, wont fix the grizzly branch at this point. Havana and
beyond have this fix.

** Changed in: keystone/grizzly
       Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1202050

Title:
  Memcache token backend stores entire PKI token in usertoken index

Status in OpenStack Identity (Keystone):
  Invalid
Status in Keystone grizzly series:
  Won't Fix

Bug description:
  Following on from:
  http://lists.openstack.org/pipermail/openstack-dev/2013-July/011959.html

  This looks to be fixed on master but Grizzly Keystone is storing the
  entire encoded PKI token in the user index. It only needs to be
  storing the hash. With a PKI token around 4k a user can only create
  256 tokens before the memcache backend hits the page limit of 1MB and
  token creation starts failing for that user.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1202050/+subscriptions