Merge "Remove insecure default for signing_dir option."

2013-05-08 19:35:48 +00:00 · 2013-05-08 19:35:48 +00:00 · 4e61f415c4
parent baa4109ed6 58d6879b1c
commit 4e61f415c4
1 changed files with 4 additions and 1 deletions
--- a/etc/nova/api-paste.ini
+++ b/etc/nova/api-paste.ini
@ -104,6 +104,9 @@ auth_protocol = http
 admin_tenant_name = %SERVICE_TENANT_NAME%
 admin_user = %SERVICE_USER%
 admin_password = %SERVICE_PASSWORD%
-signing_dir = /tmp/keystone-signing-nova
+# signing_dir is configurable, but the default behavior of the authtoken
+# middleware should be sufficient.  It will create a temporary directory
+# in the home directory for the user the nova process is running as.
+#signing_dir = /var/lib/nova/keystone-signing
 # Workaround for https://bugs.launchpad.net/nova/+bug/1154809
 auth_version = v2.0