From 74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7 Mon Sep 17 00:00:00 2001
From: Russell Bryant <rbryant@redhat.com>
Date: Wed, 1 May 2013 09:41:57 -0400
Subject: [PATCH] Remove insecure default for signing_dir option.
The sample api-paste.ini file included an insecure value for the
signing_dir option for the keystone authtoken middleware. Comment out
the option so that we just rely on the default behavior by default.
Fix bug 1174608.
Conflicts:
etc/nova/api-paste.ini
Change-Id: I6189788953d789c34456bbe150b8ed6ce6f68403
(cherry picked from commit 58d6879b1caaa750c39c8e452a0634c24ffef2ce)
---
etc/nova/api-paste.ini | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
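--- a/etc/nova/api-paste.ini
+++ b/etc/nova/api-paste.ini
@@ -124,4 +124,7 @@ auth_protocol = http
 admin_tenant_name = %SERVICE_TENANT_NAME%
 admin_user = %SERVICE_USER%
 admin_password = %SERVICE_PASSWORD%
-signing_dir = /tmp/keystone-signing-nova
+# signing_dir is configurable, but the default behavior of the authtoken
+# middleware should be sufficient. It will create a temporary directory
+# in the home directory for the user the nova process is running as.
+#signing_dir = /var/lib/nova/keystone-signing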
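Review bot: The added comment above `#signing_dir` does not tell an operator who uncomments the option what the directory must look like, which is what made the old `/tmp` value unsafe: a predictable path under a world-writable parent can be created by another local user before the service starts, and the authtoken middleware then trusts what it finds there when validating tokens. I would add a line such as `# If set, use a directory owned by the nova service user with mode 0700; never a world-writable location such as /tmp.` Changing the sample does not touch deployed files, so installations that copied the earlier sample presumably still carry `signing_dir = /tmp/keystone-signing-nova`, and a release note telling operators to remove or change it would close that gap. The enclosing section of api-paste.ini starts outside the hunk.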
--
1.8.1.5