openstack/openstack-manuals
Code Issues Proposed changes
openstack-manuals/doc/admin-guide/source/identity-auth-token-middleware.rst
Andreas Jaeger 2d44b2b36d Prepare for Sphinx 1.5 
The new sphinx version introduces some changes that break build:

* Warns if code cannot be parsed for highlighting. Fix the code so
  that it can be parsed, this includes uncommenting "..." lines.
  Note that not every config file is an ini-file.
  Also, the parser seems to have bugs and cannot parse all files.
  Fix mysql ini file and enable the parameter, see
http://dev.mysql.com/doc/refman/5.7/en/innodb-parameters.html#sysvar_innodb_file_per_table
* :option: works only with declared options, replace useage with
  simple ``.

This change only handles a few files, more to come later.

Change-Id: I7c7335e514581622dd562ee355f62d6ae1beaa18
2017-01-11 20:37:55 +01:00

2.1 KiB
Raw Blame History

Authentication middleware with user name and password

You can also configure Identity authentication middleware using the admin_user and admin_password options.

Note

The admin_token option is deprecated and no longer used for configuring auth_token middleware.

For services that have a separate paste-deploy .ini file, you can configure the authentication middleware in the [keystone_authtoken] section of the main configuration file, such as nova.conf. In Compute, for example, you can remove the middleware parameters from api-paste.ini, as follows:

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory

And set the following values in nova.conf as follows:

[DEFAULT]
# ...
auth_strategy=keystone

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_user = admin
admin_password = SuperSekretPassword
admin_tenant_name = service

Note

The middleware parameters in the paste config take priority. You must remove them to use the values in the [keystone_authtoken] section.

Note

Comment out any auth_host, auth_port, and auth_protocol options because the identity_uri option replaces them.

This sample paste config filter makes use of the admin_user and admin_password options:

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
auth_token = 012345SECRET99TOKEN012345
admin_user = admin
admin_password = keystone123

Note

Using this option requires an admin project/role relationship. The admin user is granted access to the admin role on the admin project.

Note

Comment out any auth_host, auth_port, and auth_protocol options because the identity_uri option replaces them.