You can find the files described in this section in the /etc/keystone directory.

Use the keystone.conf file to configure most Identity service options:

Use the keystone-paste.ini file to configure the Web Service Gateway Interface (WSGI) middleware pipeline for the Identity service.

You can specify a special logging configuration file in the keystone.conf configuration file. For example, /etc/keystone/logging.conf. For details, see the (Python logging module documentation).

Use the policy.json file to define additional access controls that apply to the Identity service.

Identity enables you to configure domain-specific authentication drivers. For example, you can configure a domain to have its own LDAP or SQL server. By default, the option to configure domain-specific drivers is disabled. To enable domain-specific drivers, set these options in [identity] section in the keystone.conf file: [identity] domain_specific_drivers_enabled = True domain_config_dir = /etc/keystone/domains When you enable domain-specific drivers, Identity looks in the domain_config_dir directory for configuration files that are named as follows: keystone.DOMAIN_NAME.conf, where DOMAIN_NAME is the domain name. Any options that you define in the domain-specific configuration file override options in the primary configuration file for the specified domain. Any domain without a domain-specific configuration file uses only the options in the primary configuration file.