On 11 September 2014 03:17, Angus Lees <g...@inodes.org> wrote:

> (As inspired by eg kerberos)
> 2. Ensure at some environmental/top layer that the advertised token lifetime
> exceeds the timeout set on the request, before making the request.  This
> implies (since there's no special handling in place) failing if the token was
> expired earlier than expected.

We've a related problem in cinder (cinder-backup uses the user's token
to talk to swift, and the backup can easily take longer than the token
expiry time) which could not be solved by this, since the time the
backup takes is unknown (compression, service and resource contention,
etc alter the time by multiple orders of magnitude)

OpenStack-dev mailing list

Reply via email to