On 10/25/2013 11:19 AM, Brian Chong wrote:
Hi,
I'm trying to figure out if its possible to configure KeyStone tokens
to be one time use. My use case is that when a user requests that they
want to take a action on the platform (i.e.: boot a VM) they aren't
also using that same token to load a image in Glance or delete another
VM, etc.
I filed a bug for this feature.
https://bugs.launchpad.net/keystone/+bug/1250617
However, not that the feature you are requesting is best supported by
trusts in general: you need to split up the roels for each action
(create vm, upload image to glance) and then delegate only the roles for
the operations desired.
How would I do that or is that even possible?
Thanks a lot!
-Brian
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
