Skip to content

Commit

Permalink
Remove insecure default for signing_dir option.
Browse files Browse the repository at this point in the history 
The sample api-paste.ini file included an insecure value for the
signing_dir option for the keystone authtoken middleware.  Comment out
the option so that we just rely on the default behavior by default.

Fix bug 1174608.

Conflicts:
	etc/nova/api-paste.ini

Change-Id: I6189788953d789c34456bbe150b8ed6ce6f68403
(cherry picked from commit 58d6879)
  • Loading branch information
@russellb
russellb committed May 8, 2013
1 parent 9ecd965 commit 74aa04e
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion etc/nova/api-paste.ini
View file
Expand Up @@ -124,4 +124,7 @@ auth_protocol = http
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
signing_dir = /tmp/keystone-signing-nova
# signing_dir is configurable, but the default behavior of the authtoken
# middleware should be sufficient. It will create a temporary directory
# in the home directory for the user the nova process is running as.
#signing_dir = /var/lib/nova/keystone-signing

0 comments on commit 74aa04e

Please sign in to comment.