Re: [Openstack] [Keystone] Source IP address in tokens

2016-06-27 Thread 林自均
> more widely used. What’s the best approach for Keystone, however, is not going to be simple to pin down.
>
> --Craig
>
> *From:* Morgan Fainberg [mailto:morgan.fainb...@gmail.com]
> *Sent:* Sunday, June 26, 2016 11:11 PM
> *To:* 林自均
> *Cc:* opensta

Re: [Openstack] [Keystone] Source IP address in tokens

2016-06-27 Thread 林自均
Hi Steve & Morgan,

Thank you for your reply! I see the reasons not to validate tokens with their source IP addresses. One more question to Morgan: you mentioned that I should use the shortest life span of tokens (perhaps 1 hour?), but this will make the users type in their usernames and password

Re: [Openstack] [Keystone] Source IP address in tokens

2016-06-26 Thread Morgan Fainberg
On Jun 26, 2016 19:39, "林自均" wrote:
>
> Hi all,
>
> I have the following scenario:
>
> 1. On client machine A, a user obtains an auth token with a username and password.
> 2. The user can use the auth token to do operations on client machine A.
> 3. A thief steals the auth token, and does operations

[Openstack] [Keystone] Source IP address in tokens

2016-06-26 Thread 林自均
Hi all,

I have the following scenario:

1. On client machine A, a user obtains an auth token with a username and password.
2. The user can use the auth token to do operations on client machine A.
3. A thief steals the auth token, and does operations on client machine B.

Can Keystone check the auth