openstack/openstack-manuals
Code Issues Proposed changes
openstack-manuals/doc/common/tables/keystone-token.xml
Gauvain Pocentek b88212e062 config reference update for juno-1 
Generate the config tables with the autohelp script and include the new
tables in the config ref sections.

For consistency, use the 'database' and 'auth_token' keywords in all
projects.

Split the LBaaS tables.

Closes-Bug: #1327802
Closes-Bug: #1331180
Closes-Bug: #1331175
Closes-Bug: #1330279
Closes-Bug: #1323946
Closes-Bug: #1323437
Closes-Bug: #1322075
Closes-Bug: #1321621
Closes-Bug: #1319564
Closes-Bug: #1318081
Closes-Bug: #1311474
Change-Id: I5602dda76fdf929d9124f5aa67d31ca4ac17c6d5
2014-06-29 20:55:34 +02:00

63 lines
3.0 KiB
XML
Raw Blame History

<?xml version='1.0' encoding='UTF-8'?>
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<!-- Warning: Do not edit this file. It is automatically
generated and your changes will be overwritten.
The tool to do so lives in openstack-doc-tools repository. -->
<table rules="all" xml:id="config_table_keystone_token">
<caption>Description of configuration options for token</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[token]</th>
</tr>
<tr>
<td>bind = </td>
<td>(ListOpt) External auth mechanisms that should add bind information to token, e.g., kerberos,x509.</td>
</tr>
<tr>
<td>cache_time = None</td>
<td>(IntOpt) Time to cache tokens (in seconds). This has no effect unless global and token caching are enabled.</td>
</tr>
<tr>
<td>caching = True</td>
<td>(BoolOpt) Toggle for token system cacheing. This has no effect unless global caching is enabled.</td>
</tr>
<tr>
<td>driver = keystone.token.backends.sql.Token</td>
<td>(StrOpt) Token persistence backend driver.</td>
</tr>
<tr>
<td>enforce_token_bind = permissive</td>
<td>(StrOpt) Enforcement policy on tokens presented to Keystone with bind information. One of disabled, permissive, strict, required or a specifically required bind mode, e.g., kerberos or x509 to require binding to that authentication.</td>
</tr>
<tr>
<td>expiration = 3600</td>
<td>(IntOpt) Amount of time a token should remain valid (in seconds).</td>
</tr>
<tr>
<td>hash_algorithm = md5</td>
<td>(StrOpt) The hash algorithm to use for PKI tokens. This can be set to any algorithm that hashlib supports. WARNING: Before changing this value, the auth_token middleware must be configured with the hash_algorithms, otherwise token revocation will not be processed correctly.</td>
</tr>
<tr>
<td>provider = None</td>
<td>(StrOpt) Controls the token construction, validation, and revocation operations. Core providers are "keystone.token.providers.[pkiz|pki|uuid].Provider". The default provider is pkiz.</td>
</tr>
<tr>
<td>revocation_cache_time = 3600</td>
<td>(IntOpt) Time to cache the revocation list and the revocation events if revoke extension is enabled (in seconds). This has no effect unless global and token caching are enabled.</td>
</tr>
<tr>
<td>revoke_by_id = True</td>
<td>(BoolOpt) Revoke token by token identifier. Setting revoke_by_id to true enables various forms of enumerating tokens, e.g. `list tokens for user`. These enumerations are processed to determine the list of tokens to revoke. Only disable if you are switching to using the Revoke extension with a backend other than KVS, which stores events in memory.</td>
</tr>
</tbody>
</table>
</para>
View Git Blame Copy Permalink