Removing signing_dir directive from config

The signing_dir directive defined in barbican-api-paste.ini explicitly
stores Keystone's signing certificates in a known /tmp directory. This
could be exploited by populating the directory with bogus certificates,
potentially allowing a malicious user to generate valid tokens.

Added comment explaining signing_dir, and a reasonable
(commented) default.

Change-Id: I15fda6863e888e3881694ab47a836eee2fb578ee
Closes-Bug: #1446406
Charles Neill 2015-04-21 15:49:20 -05:00 committed by Douglas Mendizábal
parent 4861932b51
commit 46184bb4b3
1 changed files with 5 additions and 1 deletions

@ -39,7 +39,6 @@ paste.filter_factory = barbican.api.middleware.context:ContextMiddleware.factory
[filter:keystone_authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
signing_dir = /tmp/barbican/cache
#need ability to re-auth a token, thus admin url
identity_uri = http://localhost:35357
admin_tenant_name = service
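Review bot: Dropping "signing_dir = /tmp/barbican/cache" from [filter:keystone_authtoken] only fixes the shipped sample, and nothing in the change tells existing deployments to act. Anyone who copied the old file keeps the predictable /tmp path, and a cache directory already created there stays on disk. Suggest a release or upgrade note asking operators to remove the setting (or point it at a directory only the barbican user can write) and to delete the old /tmp/barbican/cache directory.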
@ -48,6 +47,11 @@ admin_password = orange
auth_version = v3.0
#delay failing perhaps to log the unauthorized request in barbican ..
#delay_auth_decision = true
# signing_dir is configurable, but the default behavior of the authtoken
# middleware should be sufficient. It will create a temporary directory
# for the user the barbican process is running as.
#signing_dir = /var/barbican/keystone-signing
[filter:profile]
use = egg:repoze.profile
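Review bot: The comment added above "#signing_dir = /var/barbican/keystone-signing" does not say what makes a custom directory safe, which is the reason for this change. Suggest adding a line stating that the directory must be owned by the user the barbican process runs as and must not be writable by any other user, so that an operator who uncomments the setting does not reintroduce the shared-directory problem described in the commit message.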