2015-12-10 00:09:21 +00:00
|
|
|
---
|
|
|
|
features:
|
2016-03-14 15:16:49 +00:00
|
|
|
- >
|
|
|
|
[`blueprint bootstrap <https://blueprints.launchpad.net/keystone/+spec/bootstrap>`_]
|
|
|
|
keystone-manage now supports the bootstrap command
|
2015-12-10 00:09:21 +00:00
|
|
|
on the CLI so that a keystone install can be
|
|
|
|
initialized without the need of the admin_token
|
|
|
|
filter in the paste-ini.
|
|
|
|
security:
|
|
|
|
- The use of admin_token filter is insecure compared
|
|
|
|
to the use of a proper username/password. Historically
|
|
|
|
the admin_token filter has been left enabled in
|
|
|
|
Keystone after initialization due to the way CMS
|
2016-03-14 15:16:49 +00:00
|
|
|
systems work. Moving to an out-of-band initialization using
|
|
|
|
``keystone-manage bootstrap`` will eliminate the security concerns around
|
|
|
|
a static shared string that conveys admin access to keystone
|
2015-12-10 00:09:21 +00:00
|
|
|
and therefore to the entire installation.
|