Ask Your Question

Revision history [back]

A user is really never logged in per say. A user uses their password to get a token and then that token is used to execute api calls until that token expires (time to expire is defined in keystone.conf).

Everything is really stateless in Openstack.

Horizon will cache the token so not to force the user to enter the password to generate a new token for every request.

If Horizon is backed by apache and horizon is running in debug mode (/etc/openstack_dashboard/local_settings.py) then in /var/log/apache/error.log you will a message like "user xxxx successfully authenticated" .

You can run Ceilometer and configure keystone to send events to Ceilometer and that way you can see when users auth against keystone.