From 181588b9ba50fefea12617a9a5e774daddfed20c Mon Sep 17 00:00:00 2001
From: Brant Knudson <bknudson@us.ibm.com>
Date: Thu, 25 Jun 2015 17:58:51 -0500
Subject: [PATCH] Switch fernet to be the default token provider

Use the fernet token provider as the default for keystone.

 The Keystone token provider of choice is changing from UUID to Fernet.
 However, due the the need for multi-site keystone deploys to have keys
 kept in sync, we cannot change the default in upstream Keystone
 without  breaking existing deployments.  Fernet requires a deliberate
 setup step like what is done in devstack.  Making the change in
 devstack documents the expected setup.

Change-Id: I8c0db244634b0861b0eb3c48fe6ede153f7f04f2
---
 lib/keystone | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/keystone b/lib/keystone
index d83092405b..49d819e500 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -89,7 +89,7 @@ KEYSTONE_RESOURCE_BACKEND=${KEYSTONE_RESOURCE_BACKEND:-sql}
 
 # Select Keystone's token provider (and format)
 # Choose from 'uuid', 'pki', 'pkiz', or 'fernet'
-KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-}
+KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-fernet}
 KEYSTONE_TOKEN_FORMAT=$(echo ${KEYSTONE_TOKEN_FORMAT} | tr '[:upper:]' '[:lower:]')
 
 # Set Keystone interface configuration