yahoo-eng-team team mailing list archive

[Thomas Hsiao <thomas.hsiao@xxxxxx>]

Public bug reported:

Enable event notification in log mode:
[DEFAULT]
notification_format = cadf
notification_driver = log

Test by "Create a token"
$ openstack token issue

1.[OK]  Correct user name and password:  an event notification was created with "event_type": "identity.authenticate" 
 "outcome": "success"

2. [OK] Correct user name  but invalid password:  an event notification was also created with "event_type": "identity.authenticate" 
 "outcome": "failure"

3. [BUG] Invalid user name:  NO event notification was created.

This may cause a security issue.

** Affects: keystone
     Importance: Undecided
     Assignee: Thomas Hsiao (thomas-hsiao)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Thomas Hsiao (thomas-hsiao)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1537963

Title:
  Enent Notification not generated for authentication failure with
  invalid user name

Status in OpenStack Identity (keystone):
  New

Bug description:
  Enable event notification in log mode:
  [DEFAULT]
  notification_format = cadf
  notification_driver = log

  Test by "Create a token"
  $ openstack token issue

  1.[OK]  Correct user name and password:  an event notification was created with "event_type": "identity.authenticate" 
   "outcome": "success"

  2. [OK] Correct user name  but invalid password:  an event notification was also created with "event_type": "identity.authenticate" 
   "outcome": "failure"

  3. [BUG] Invalid user name:  NO event notification was created.

  This may cause a security issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1537963/+subscriptions