How to Extend Default User Token Expiration in a Devstack Environment

To extend the default token expiration, which is currently one hour, the file /etc/keystone/keystone.conf has to be modified. There is an expiration property in the file that is disabled by default and assumes a value of 3600, representing 3600 seconds or one hour. Simply enable the property and modify the value to anything that works for your Devstack environment (e.g., 86400 for one day). In other words, make the change from

# Amount of time a token should remain valid (in seconds). (integer value)
#expiration = 3600

to

# Amount of time a token should remain valid (in seconds). (integer value)
expiration = 86400

To make this change take effect Keystone has to be restarted. It appears that in the latest releases of Devstack Keystone is no longer runs under its own service, but rather under Apache (reference). So stopping/starting/restarting Keystone can be easily done via

sudo service apache2 stop/start/restart

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: