Domains are not validated on authentication
Bug #1130236 reported by
Dolph Mathews
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
High
|
Henry Nash | ||
Bug Description
There two separate problems:
In v2 authentication, currently domains are removed from user & project refs prior to validation.
https:/
Their validation was also made conditional because the validation was merged prior to domain_id's being available on users & projects:
https:/
https:/
The validation needs to become unconditional and validated prior to being removed.
In v3, the domain is checked when authenticating by username, but not by user_id - the later successfully authenticates even if the domain is disabled.
| Changed in keystone: | |
| status: | New → In Progress |
| Changed in keystone: | |
| milestone: | none → grizzly-3 |
| Changed in keystone: | |
| milestone: | grizzly-3 → grizzly-rc1 |
| Changed in keystone: | |
| status: | In Progress → Triaged |
| Changed in keystone: | |
| assignee: | Dolph Mathews (dolph) → nobody |
Revision history for this message
| Dolph Mathews (dolph) wrote | #1 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (master) | #2 |
| Changed in keystone: | |
| assignee: | nobody → Henry Nash (henry-nash) |
| status: | Triaged → In Progress |
| description: | updated |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote | #3 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #4 |
| Changed in keystone: | |
| status: | In Progress → Fix Committed |
| Changed in keystone: | |
| status: | Fix Committed → Fix Released |
| Changed in keystone: | |
| milestone: | grizzly-rc1 → 2013.1 |
To post a comment you must log in.
I started this in https:/