(RHSA-2013:0806) Low: openstack-keystone security and bug fix update

Red Hat Security Advisory, published May 09, 2013 (access.redhat.com)
EPSS score: 0.0004 (percentile 5.1%)

The openstack-keystone packages provide Keystone, a Python implementation
of the OpenStack identity service API, which provides Identity, Token,
Catalog, and Policy services.

These updated packages have been upgraded to upstream version 2012.2.4,
which provides a number of bug fixes over the previous version. (BZ#950132)

This update also fixes the following security issue:

In environments using LDAP (Lightweight Directory Access Protocol), if
debug-level logging was enabled (for example, by enabling it in
“/etc/keystone/keystone.conf”), the LDAP server password was logged in
plain text to a world-readable log file. Debug-level logging is not enabled
by default. (CVE-2013-2006)
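The failure mode described above is a configuration-plus-logging problem: a debug line that echoes the LDAP bind credentials, written to a file anyone on the host can read. The script below is an added example (it is not Red Hat's or the Keystone project's code) that audits for exactly that pattern: it reads the `debug` flag and `[ldap] password` from a keystone.conf, scans log lines for the bind password verbatim, checks whether the log file and its directory carry the world-read bit, and shows the two remediations the advisory implies (redacting the secret before it is logged, and dropping world-read permissions). The config excerpt, log lines and temporary directory layout are constructed for the example; real Keystone 2012.2 debug output is formatted differently, and `S3cretBindPw!` is a made-up password.

```python
import configparser
import os
import stat
import tempfile

# Constructed keystone.conf excerpt in the vulnerable state (debug on, LDAP backend).
SAMPLE_CONF = """\
[DEFAULT]
debug = True
log_dir = /var/log/keystone

[identity]
driver = keystone.identity.backends.ldap.Identity

[ldap]
url = ldap://ldap.example.com
user = cn=keystone,ou=services,dc=example,dc=com
password = S3cretBindPw!
"""
HARDENED_CONF = SAMPLE_CONF.replace("debug = True", "debug = False")

# Constructed log lines modelled on the failure mode; real Keystone 2012.2
# debug output is formatted differently.
SAMPLE_LOG = [
    "2013-05-09 10:01:02 INFO keystone.common.wsgi [-] GET /v2.0/tokens/abc",
    "2013-05-09 10:01:02 DEBUG keystone.common.ldap.core [-] bind "
    "dn=cn=keystone,ou=services,dc=example,dc=com password=S3cretBindPw!",
    "2013-05-09 10:01:03 INFO keystone.common.wsgi [-] 200 OK",
]


def parse_conf(text):
    # interpolation=None so a '%' inside a password is not treated as a template
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def debug_enabled(cp):
    return cp.getboolean("DEFAULT", "debug", fallback=False)


def ldap_password(cp):
    return cp.get("ldap", "password", fallback=None)


def leaked_lines(log_lines, secret):
    """Indices of log lines that contain the bind password verbatim."""
    if not secret:
        return []
    return [i for i, line in enumerate(log_lines) if secret in line]


def redact(line, secret, mask="***"):
    """Mask the secret before the line reaches any log sink."""
    return line.replace(secret, mask) if secret else line


def world_readable(path):
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def audit(conf_text, log_lines, log_path):
    """Return a list of findings; an empty list means every check passed."""
    cp = parse_conf(conf_text)
    secret = ldap_password(cp)
    findings = []
    if debug_enabled(cp):
        findings.append("debug logging enabled")
    leaks = leaked_lines(log_lines, secret)
    if leaks:
        findings.append("ldap bind password in log line(s) %s" % leaks)
    for p in (os.path.dirname(log_path), log_path):
        if world_readable(p):
            findings.append("%s is world-readable" % p)
    return findings


def demo():
    """Audit the vulnerable layout, apply the remediations, audit again."""
    with tempfile.TemporaryDirectory() as log_dir:
        log_path = os.path.join(log_dir, "keystone.log")
        with open(log_path, "w") as fh:
            fh.write("\n".join(SAMPLE_LOG) + "\n")
        os.chmod(log_dir, 0o755)   # pre-update state: world-readable directory
        os.chmod(log_path, 0o644)  # and world-readable log file
        before = audit(SAMPLE_CONF, SAMPLE_LOG, log_path)

        os.chmod(log_dir, 0o750)   # drop world-read, as the update does
        os.chmod(log_path, 0o640)
        secret = ldap_password(parse_conf(SAMPLE_CONF))
        safe_log = [redact(line, secret) for line in SAMPLE_LOG]
        after = audit(HARDENED_CONF, safe_log, log_path)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after:", after)
```

Running it prints three findings for the vulnerable layout and none after remediation. Redaction at the logging call site is the durable fix; turning debug off only hides the leak until the next troubleshooting session re-enables it, and the permission check matters independently because other debug output (bind DNs, search filters, token IDs) is sensitive even when the password is masked.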

This update also fixes the following bugs:

  • If the Keystone service incurred an HTTP error as a result of a transient
    network error, authentication tokens were listed as invalid. With this
    update, the Keystone service will now retry requests a few times before
    failing, which masks transient network errors. (BZ#919526)

  • The “/var/log/keystone/” directory was world-readable. With this update,
    world-read permissions have been removed. (BZ#956474)
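The first bug above is a fail-closed decision made on the wrong signal: a connection reset or a 5xx from Keystone says nothing about the token, yet it was reported as "invalid". The wrapper below is an added example (not Keystone's own retry code) of the distinction a retry has to make: retry only errors that are plausibly transient (connection failures, 5xx), return a definitive verdict immediately on 200/401/404, and, if the transient errors never clear, raise rather than silently report the token as either valid or invalid. The `http_get` callable, the `TransientError` class, the three-attempt limit and the `FlakyTransport` fake are all assumptions made for the example.

```python
import time


class TransientError(Exception):
    """Raised when every attempt failed for a reason unrelated to the token."""


RETRYABLE_STATUS = {500, 502, 503, 504}
DEFINITIVE_REJECT = {401, 404}


def validate_token(http_get, token, attempts=3, backoff=0.0):
    """Return True if Keystone accepts the token, False if it rejects it.

    http_get(path) must return an HTTP status code or raise ConnectionError.
    Only transient failures are retried; a 401/404 is answered at once.
    """
    last = None
    for n in range(attempts):
        try:
            status = http_get("/v2.0/tokens/%s" % token)
        except ConnectionError as exc:
            last = exc
        else:
            if status == 200:
                return True
            if status in DEFINITIVE_REJECT:
                return False          # the token really is bad; do not mask that
            if status not in RETRYABLE_STATUS:
                raise RuntimeError("unexpected HTTP %d from Keystone" % status)
            last = RuntimeError("HTTP %d" % status)
        if backoff and n < attempts - 1:
            time.sleep(backoff * (2 ** n))   # exponential back-off between attempts
    # Fail closed, but with a distinct error so callers do not log "invalid token".
    raise TransientError("token validation failed after %d attempts: %r" % (attempts, last))


class FlakyTransport:
    """Constructed fake transport: fail `failures` times, then return `final`.

    `error` is either an exception to raise or an int status to return.
    """

    def __init__(self, failures, final, error=None):
        self.failures = failures
        self.final = final
        self.error = error if error is not None else ConnectionError("connection reset")
        self.calls = 0

    def __call__(self, path):
        self.calls += 1
        if self.calls <= self.failures:
            if isinstance(self.error, int):
                return self.error
            raise self.error
        return self.final


if __name__ == "__main__":
    t = FlakyTransport(failures=2, final=200)
    print("valid after retries:", validate_token(t, "abc"), "calls:", t.calls)
    t = FlakyTransport(failures=0, final=401)
    print("rejected, no retry:", validate_token(t, "abc"), "calls:", t.calls)
```

The asymmetry is the point: retrying a 401 would only delay a correct "invalid" answer and add load during an outage, while retrying a reset gives a valid token the benefit of the doubt for a few hundred milliseconds. The caller should treat `TransientError` as "unknown", not as "invalid", so an outage of the identity service shows up as such in logs and alerts.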

All users of openstack-keystone are advised to upgrade to these updated
packages, which correct these issues. After installing the updated
packages, the Keystone service (openstack-keystone) will be restarted
automatically.