openstack/charm-keystone
Code Issues Proposed changes

Permanently disable token caching for Caracal+

Browse Source 
This allows users to enable caching globally in Caracal
without the security issues that arose due to changes
introduced around revocation checking using the cache.

Change-Id: I9a4889961336c2c595d9cdc6897f71002fa8271e
Closes-Bug: #2113772
This commit is contained in:
Edward Hope-Morley
2025-06-09 17:23:07 +01:00
parent 4909c44a97
commit 563b453257
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
templates/caracal/keystone.conf
View File

@@ -51,6 +51,8 @@ cache_time = {{ role_cache_expiration }}
[endpoint_filter]
[token]
# We permanently disable token caching in Caracal onwards - See LP#2113772
caching = false
expiration = {{ token_expiration }}
[fernet_tokens]