yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1424061] [NEW] keystone server should default to localhost-only

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Brant Knudson <bknudson@xxxxxxxxxx>
Date: Fri, 20 Feb 2015 21:05:02 -0000
Reply-to: Bug 1424061 <1424061@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

Public security bug reported:


By default keystone will listen on all interfaces. Keystone should use secure defaults. In this case, listen on localhost-only by default.

** Affects: keystone
     Importance: Undecided
     Assignee: Brant Knudson (blk-u)
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1424061

Title:
  keystone server should default to localhost-only

Status in OpenStack Identity (Keystone):
  New

Bug description:
  
  By default keystone will listen on all interfaces. Keystone should use secure defaults. In this case, listen on localhost-only by default.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1424061/+subscriptions

Follow ups

[Bug 1424061] Re: keystone server should default to localhost-only
From: gordon chung, 2015-03-24
[Bug 1424061] Re: keystone server should default to localhost-only
From: Brant Knudson, 2015-03-04
[Bug 1424061] Re: keystone server should default to localhost-only
From: Eric Brown, 2015-02-24
[Bug 1424061] [NEW] keystone server should default to localhost-only
From: Brant Knudson, 2015-02-20

References

[Bug 1424061] [NEW] keystone server should default to localhost-only
From: Brant Knudson, 2015-02-20