> does it mean that the token now will live forever No; it behaves as described in the document you linked. If you have any specific security concerns, please raise them appropriately (such as a security bug, if necessary).
On Mon, Apr 3, 2017 at 5:27 AM lương hữu tuấn <tuantulu...@gmail.com> wrote: > Hi keystone folks, > > I have had a chance to take a look to this below patch for allowing the > expired token and it was merged in Octaka: > > > https://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/allow-expired.html > > In our project, we also have problem with token expiration when running > mistral workflow. I have a concern that if this patch works as it does, > does it mean that the token now will live forever ("forever" seems so > sloppy, but it seems like the token is no longer expired). In this case, it > seems not good for security purpose. > > Br, > > Tuan/Nokia > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- -Dolph
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev