notification not generated for authentication failure with invalid user name
Bug #1537963 reported by
Thomas Hsiao
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Wishlist
|
Morgan Fainberg |
Bug Description
Enable event notification in log mode:
[DEFAULT]
notification_format = cadf
notification_driver = log
Test by "Create a token"
$ openstack token issue
1.[OK] Correct user name and password: an event notification was created with "event_type": "identity.
"outcome": "success"
2. [OK] Correct user name but invalid password: an event notification was also created with "event_type": "identity.
"outcome": "failure"
3. [BUG] Invalid user name: NO event notification was created.
This may cause a security issue.
Changed in keystone: | |
assignee: | nobody → Thomas Hsiao (thomas-hsiao) |
summary: |
- Enent Notification not generated for authentication failure with invalid - user name + notification not generated for authentication failure with invalid user + name |
Changed in keystone: | |
status: | New → Triaged |
Changed in keystone: | |
milestone: | mitaka-3 → none |
Changed in keystone: | |
assignee: | Thomas Hsiao (thomas-hsiao) → Guang Yee (guang-yee) |
tags: | added: notifications |
Changed in keystone: | |
assignee: | nobody → Colin Best (cbest47) |
Changed in keystone: | |
assignee: | Colin Best (cbest47) → nobody |
Changed in keystone: | |
milestone: | none → stein-2 |
To post a comment you must log in.
sounds like it should be fixed, surprised that it isn't already handled.