Description of problem: The signing dir has to be relocated into home directory of user swift. The RHOS already does this, although it's in a one-time directory after bug 967631. In 1.8.0-2 we have signing_dir = /tmp/keystone-signing-swift, which is not too bad, but should be moved all the same. Version-Release number of selected component (if applicable): 1.8.0-2.f19 Actual results: Uncertain of security implications of /tmp/keystone-signing-swift. Expected results: /var/cache/swift (which cannot be used since recon lives there) or /var/lib/swift (needs verifying w/Adam and an LSB expert) Additional info: All this can easily be overridden by sysadmin. An update does not override proxy-server.conf due to %config, so this is not a huge deal. However, Packstack people are going to rely on us to make it right (see bug 976081).
see also https://bugs.launchpad.net/keystone/+bug/1036847/comments/10
This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle. Changing version to '20'. More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20
(In reply to Pete Zaitcev from comment #1) > see also > https://bugs.launchpad.net/keystone/+bug/1036847/comments/10 and also https://bugs.launchpad.net/keystone/+bug/1036847/comments/12 "current default in authtoken is tempfile.mkdtemp(prefix='keystone-signing-') so best is not to set signing_dir parameter and leave to authtoken to generate a tempdir which should be safe and secure" Setting signing_dir is not needed since default was changed in https://github.com/openstack/python-keystoneclient/commit/03012e641d6c2a98fbfe3780102e28a65d11a887