Updating sample configuration file

Change-Id: Iaedd10c45a5c064ff655a83b065ea6bf5899d9a1
2015-09-04 05:03:25 +00:00 · 2015-09-04 05:03:25 +00:00 · 53623d0f42
commit 53623d0f42
parent f60f94870a
1 changed files with 26 additions and 0 deletions
--- a/etc/keystone.conf.sample
+++ b/etc/keystone.conf.sample
@ -1934,6 +1934,32 @@
 #hash_algorithm = md5


+[tokenless_auth]
+
+#
+# From keystone
+#
+
+# The list of trusted issuers to further filter the certificates that are
+# allowed to participate in the X.509 tokenless authorization. If the option is
+# absent then no certificates will be allowed. The naming format for the
+# attributes of a Distinguished Name(DN) must be separated by a comma and
+# contain no spaces. This configuration option may be repeated for multiple
+# values. For example: trusted_issuer=CN=john,OU=keystone,O=openstack
+# trusted_issuer=CN=mary,OU=eng,O=abc (multi valued)
+#trusted_issuer =
+
+# The protocol name for the X.509 tokenless authorization along with the option
+# issuer_attribute below can look up its corresponding mapping. (string value)
+#protocol = x509
+
+# The issuer attribute that is served as an IdP ID for the X.509 tokenless
+# authorization along with the protocol to look up its corresponding mapping.
+# It is the environment variable in the WSGI environment that references to the
+# issuer of the client certificate. (string value)
+#issuer_attribute = SSL_CLIENT_I_DN
+
+
 [trust]

 #