针对Newton 版本
Keystone.conf
1.expiration
# The amount of time that a token should remain valid (in seconds). Drastically # reducing this value may break "long-running" operations that involve multiple # services to coordinate together, and will force users to authenticate with # keystone more frequently. Drastically increasing this value will increase # load on the `[token] driver`, as more tokens will be simultaneously valid. # Keystone tokens are also bearer tokens, so a shorter duration will also # reduce the potential security impact of a compromised token. (integer value) # Minimum value: 0 # Maximum value: 9223372036854775807 #expiration = 3600
token 过期时间,默认一个小时
2.max_active_keys
# This controls how many keys are held in rotation by `keystone-manage # fernet_rotate` before they are discarded. The default value of 3 means that # keystone will maintain one staged key (always index 0), one primary key (the # highest numerical index), and one secondary key (every other index). # Increasing this value means that additional secondary keys will be kept in # the rotation. (integer value) # Minimum value: 1 #max_active_keys = 3
最大的active key 数目,默认是3