author | Russell Bryant <rbryant@redhat.com> | 2013-05-01 09:41:57 -0400 |
---|---|---|
committer | Russell Bryant <rbryant@redhat.com> | 2013-05-08 11:42:41 -0400 |
commit | 58d6879b1caaa750c39c8e452a0634c24ffef2ce (patch) | |
tree | 3dba81087107c335310dae99c17ef7fc312eb45e /etc/nova | |
parent | 4ce8f2a6a9d4644153b4ba532ca1b78665507d6a (diff) | |
Remove insecure default for signing_dir option.
The sample api-paste.ini file included an insecure value for the
signing_dir option for the keystone authtoken middleware. Comment out
the option so that we just rely on the default behavior by default.
Fix bug 1174608.
Change-Id: I6189788953d789c34456bbe150b8ed6ce6f68403
Diffstat (limited to 'etc/nova')
-rw-r--r-- | etc/nova/api-paste.ini | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/etc/nova/api-paste.ini b/etc/nova/api-paste.ini index 76e4e447c..34c87b92d 100644 --- a/etc/nova/api-paste.ini +++ b/etc/nova/api-paste.ini @@ -104,6 +104,9 @@ auth_protocol = http admin_tenant_name = %SERVICE_TENANT_NAME% admin_user = %SERVICE_USER% admin_password = %SERVICE_PASSWORD% -signing_dir = /tmp/keystone-signing-nova +# signing_dir is configurable, but the default behavior of the authtoken +# middleware should be sufficient. It will create a temporary directory +# in the home directory for the user the nova process is running as. +#signing_dir = /var/lib/nova/keystone-signing # Workaround for https://bugs.launchpad.net/nova/+bug/1154809 auth_version = v2.0 |
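Review bot: The comment added above `#signing_dir = /var/lib/nova/keystone-signing` does not say why the option is now commented out or what an operator must ensure before uncommenting it. The removed value `/tmp/keystone-signing-nova` lived under a world-writable directory, which is the insecure default the commit message refers to, but nothing in the sample file itself records that. Suggest one more comment line along the lines of "If set, the directory must be owned by the user nova runs as and must not be writable by other users", so that a shared path is not reintroduced later. Deployments that copied the earlier sample still carry the /tmp value, since this change only touches the sample file, so the fix is worth calling out in the release notes as well.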