ee2724a2a2
Removed info that's internal to keystone and therefore not relevant to deployers. Consistent references to config option names. `` should be used for literal string values, not references. Change-Id: Ia7e11683ed3ae7f19fe6680848bdcbaed954f424
18 lines
776 B
YAML
18 lines
776 B
YAML
---
|
|
features:
|
|
- >
|
|
[`blueprint bootstrap <https://blueprints.launchpad.net/keystone/+spec/bootstrap>`_]
|
|
keystone-manage now supports the bootstrap command
|
|
on the CLI so that a keystone install can be
|
|
initialized without the need of the admin_token
|
|
filter in the paste-ini.
|
|
security:
|
|
- The use of admin_token filter is insecure compared
|
|
to the use of a proper username/password. Historically
|
|
the admin_token filter has been left enabled in
|
|
Keystone after initialization due to the way CMS
|
|
systems work. Moving to an out-of-band initialization using
|
|
``keystone-manage bootstrap`` will eliminate the security concerns around
|
|
a static shared string that conveys admin access to keystone
|
|
and therefore to the entire installation.
|