openstack/nova
Code Issues Proposed changes

Remove insecure default for signing_dir option.

Browse Source 
The sample api-paste.ini file included an insecure value for the
signing_dir option for the keystone authtoken middleware.  Comment out
the option so that we just rely on the default behavior by default.

Fix bug 1174608.

Change-Id: I6189788953d789c34456bbe150b8ed6ce6f68403
This commit is contained in:
Russell Bryant
2013-05-01 09:41:57 -04:00
parent 4ce8f2a6a9
commit 58d6879b1c
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
etc/nova/api-paste.ini
View File

@@ -104,6 +104,9 @@ auth_protocol = http
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
signing_dir = /tmp/keystone-signing-nova
# signing_dir is configurable, but the default behavior of the authtoken
# middleware should be sufficient. It will create a temporary directory
# in the home directory for the user the nova process is running as.
#signing_dir = /var/lib/nova/keystone-signing
# Workaround for https://bugs.launchpad.net/nova/+bug/1154809
auth_version = v2.0