Merge "Remove insecure default for signing_dir option."

author: Jenkins <jenkins@review.openstack.org> 2013-05-08 19:35:48 +0000
committer: Gerrit Code Review <review@openstack.org> 2013-05-08 19:35:48 +0000
commit: 4e61f415c4cbddcffefc05008acce1f96b51a6b1 (patch)
tree: 53309d1ce1add096e434e6754922397eac7e8f2b
parent: baa4109ed6b846661f4d6c0bab39754b7e574a8e (diff)
parent: 58d6879b1caaa750c39c8e452a0634c24ffef2ce (diff)
download: nova-4e61f415c4cbddcffefc05008acce1f96b51a6b1.tar.gz
nova-4e61f415c4cbddcffefc05008acce1f96b51a6b1.tar.xz
nova-4e61f415c4cbddcffefc05008acce1f96b51a6b1.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/etc/nova/api-paste.ini b/etc/nova/api-paste.ini
index 76e4e447c..34c87b92d 100644
--- a/etc/nova/api-paste.ini
+++ b/etc/nova/api-paste.ini
@@ -104,6 +104,9 @@ auth_protocol = http
 admin_tenant_name = %SERVICE_TENANT_NAME%
 admin_user = %SERVICE_USER%
 admin_password = %SERVICE_PASSWORD%
-signing_dir = /tmp/keystone-signing-nova
+# signing_dir is configurable, but the default behavior of the authtoken
+# middleware should be sufficient.  It will create a temporary directory
+# in the home directory for the user the nova process is running as.
+#signing_dir = /var/lib/nova/keystone-signing
 # Workaround for https://bugs.launchpad.net/nova/+bug/1154809
 auth_version = v2.0
author	Jenkins <jenkins@review.openstack.org>	2013-05-08 19:35:48 +0000
committer	Gerrit Code Review <review@openstack.org>	2013-05-08 19:35:48 +0000
commit	4e61f415c4cbddcffefc05008acce1f96b51a6b1 (patch)
tree	53309d1ce1add096e434e6754922397eac7e8f2b
parent	baa4109ed6b846661f4d6c0bab39754b7e574a8e (diff)
parent	58d6879b1caaa750c39c8e452a0634c24ffef2ce (diff)
download	nova-4e61f415c4cbddcffefc05008acce1f96b51a6b1.tar.gz nova-4e61f415c4cbddcffefc05008acce1f96b51a6b1.tar.xz nova-4e61f415c4cbddcffefc05008acce1f96b51a6b1.zip