authorRussell Bryant <rbryant@redhat.com>2013-05-01 09:41:57 -0400
committerRussell Bryant <rbryant@redhat.com>2013-05-08 11:42:41 -0400
commit58d6879b1caaa750c39c8e452a0634c24ffef2ce (patch)
tree3dba81087107c335310dae99c17ef7fc312eb45e /etc/nova
parent4ce8f2a6a9d4644153b4ba532ca1b78665507d6a (diff)
Remove insecure default for signing_dir option.
The sample api-paste.ini file included an insecure value for the signing_dir option for the keystone authtoken middleware. Comment out the option so that the middleware's default behavior is used. Fix bug 1174608. Change-Id: I6189788953d789c34456bbe150b8ed6ce6f68403
Diffstat (limited to 'etc/nova')
-rw-r--r--etc/nova/api-paste.ini5
1 files changed, 4 insertions, 1 deletions
diff --git a/etc/nova/api-paste.ini b/etc/nova/api-paste.ini
index 76e4e447c..34c87b92d 100644
--- a/etc/nova/api-paste.ini
+++ b/etc/nova/api-paste.ini
@@ -104,6 +104,9 @@ auth_protocol = http
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
-signing_dir = /tmp/keystone-signing-nova
+# signing_dir is configurable, but the default behavior of the authtoken
+# middleware should be sufficient. It will create a temporary directory
+# in the home directory for the user the nova process is running as.
+#signing_dir = /var/lib/nova/keystone-signing
# Workaround for https://bugs.launchpad.net/nova/+bug/1154809
auth_version = v2.0
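Review bot: The new comment block above the commented-out `signing_dir` line gives no guidance for an operator who uncomments the option, and it does not say why the old `/tmp` value was dropped. A fixed path under a world-writable directory can be pre-created by another local user, who would then control the directory where the authtoken middleware keeps the material it uses to verify tokens; the commit message only calls the old value insecure, so this reading is inferred. I would add a line such as `# If you set signing_dir, use a directory owned by the nova service user with mode 0700, never one under a world-writable location such as /tmp.` Deployments that copied the earlier sample still carry the `/tmp` value, so the change is worth a release note as well. The enclosing section of api-paste.ini starts outside the hunk.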