Russell: It's exactly as you describe. In this case, authentication succeeds as expected, but authorization should fail (disabling the tenant should break the user-tenant authorization relationship).
Once the token is established with authorization on the tenant, keystone would respond 200 OK to token validation requests from other OpenStack services, allowing the user to work with the tenant's resources -- probably not what the admin had in mind when disabling the tenant!

--
https://bugs.launchpad.net/bugs/988920

Title:
  Token authentication for a user in a disabled tenant does not raise Unauthorized error
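The failure mode described in this message, as an added example that is not part of the original e-mail and is not keystone's code: a toy in-memory token store in which validation either trusts the tenant scope recorded at issue time or re-checks the tenant's enabled flag on every validation. All class, method and sample names (`IdentityStore`, `validate_stale`, `validate_checked`, `alice`, `acme`) are hypothetical.

```python
# Toy model, not keystone code: a tenant is disabled after a scoped token exists.
from dataclasses import dataclass, field
import secrets


class Unauthorized(Exception):
    """Stands in for an HTTP 401 from the identity service."""


@dataclass
class IdentityStore:
    tenants: dict = field(default_factory=dict)  # tenant name -> enabled flag
    tokens: dict = field(default_factory=dict)   # token id -> (user, tenant name)

    def issue_token(self, user, tenant):
        # Assumption: issuance only happens while the tenant is enabled.
        if not self.tenants.get(tenant, False):
            raise Unauthorized("tenant missing or disabled")
        token_id = secrets.token_hex(16)
        self.tokens[token_id] = (user, tenant)
        return token_id

    def validate_stale(self, token_id):
        # Behaviour reported in the bug: only the token record is consulted,
        # so the scope granted at issue time outlives the tenant being disabled.
        if token_id not in self.tokens:
            raise Unauthorized("unknown token")
        return self.tokens[token_id]

    def validate_checked(self, token_id):
        # Hardened form: re-evaluate the user-tenant authorization on each call.
        user, tenant = self.validate_stale(token_id)
        if not self.tenants.get(tenant, False):
            raise Unauthorized("tenant disabled")
        return user, tenant


def demo():
    store = IdentityStore(tenants={"acme": True})   # constructed sample data
    token = store.issue_token("alice", "acme")
    store.tenants["acme"] = False                   # admin disables the tenant
    stale_accepts = store.validate_stale(token) == ("alice", "acme")
    try:
        store.validate_checked(token)
        checked_rejects = False
    except Unauthorized:
        checked_rejects = True
    return stale_accepts, checked_rejects


if __name__ == "__main__":
    print(demo())
```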