On 1/30/15 1:33 PM, Everett Toews wrote:
Once I have the token from Keystone, I’ll be talking directly to the services. So either something goes wrong with Keystone and I get no token or I get a token and talk directly to a service. Either way a client knows who it's talking to.
That's only true if you are using PKI tokens, and you already have the ca files from keystone. If you're using UUID, then the service takes your token and validates it with keystone.
-- -jlk _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators