Add auth_ttl into keystone.conf
There is a requirement for some end users where we need to specify auth_ttl to a higher level. This should help with these users Change-Id: Ifd515d7c103a6b24c4f5da500442406f04fb372f
This commit is contained in:
parent
5773a13ccb
commit
b5c4eb2eae
|
@ -442,3 +442,10 @@ options:
|
|||
description: |
|
||||
Default time (in minutes) for the validity of group memberships carried
|
||||
over from a federation mapping. Default is 0 which means disabled.
|
||||
ec2-auth-ttl:
|
||||
type: int
|
||||
default: 15
|
||||
description: |
|
||||
The config item specifies the auth_ttl otion in [credentials]. This is
|
||||
the length of time in minutes for which a signed EC2 or S3 token request
|
||||
is valid from the timestamp contained in the token request.
|
||||
|
|
|
@ -208,6 +208,7 @@ class KeystoneContext(context.OSContextGenerator):
|
|||
ctxt['assignment_backend'] = config('assignment-backend')
|
||||
ctxt['token_provider'] = config('token-provider')
|
||||
ctxt['fernet_max_active_keys'] = config('fernet-max-active-keys')
|
||||
ctxt['ec2_auth_ttl'] = config('ec2-auth-ttl')
|
||||
if config('identity-backend') == 'ldap':
|
||||
ctxt['ldap_server'] = config('ldap-server')
|
||||
ctxt['ldap_user'] = config('ldap-user')
|
||||
|
|
|
@ -31,6 +31,7 @@ domain_config_dir = {{ domain_config_dir }}
|
|||
|
||||
[credential]
|
||||
driver = sql
|
||||
auth_ttl = {{ ec2_auth_ttl }}
|
||||
|
||||
[trust]
|
||||
driver = sql
|
||||
|
|
|
@ -31,6 +31,7 @@ domain_config_dir = {{ domain_config_dir }}
|
|||
|
||||
[credential]
|
||||
driver = sql
|
||||
auth_ttl = {{ ec2_auth_ttl }}
|
||||
|
||||
[trust]
|
||||
driver = sql
|
||||
|
|
Loading…
Reference in New Issue