openstack/openstack-manuals
Code Issues Proposed changes
8265ab2ad6
openstack-manuals/doc/common/tables/keystone-token.xml
Gauvain Pocentek 8b2016b5d0 Update the config reference tables 
Include the new tables in the documentation.

Fix the cinder-prophetstor_dpl.xml filename and the xiv category.

Manually fix those files for niceness test:
- glance-logging.xml (lines 34, 38), fixed in oslo-incubator
- trove-logging.xml (lines 26, 30), fixed in oslo-incubator
- neutron-openvswitch_agent.xml (line 45), to be fixed in neutron

Closes-Bug: #1340858
Closes-Bug: #1344231
Closes-Bug: #1345956
Closes-Bug: #1346711
Closes-Bug: #1347978
Partial-Bug: #1348329
Closes-Bug: #1352074
Partial-Bug: #1353417
Closes-Bug: #1354622
Closes-Bug: #1339754
Closes-Bug: #1358598
Closes-Bug: #1358259
Closes-Bug: #1357865
Partial-Bug: #1357457
Closes-Bug: #1357421
Change-Id: Id2da7d7762ca954bd552dbf89a9ff28b144efb68
2014-08-19 16:34:25 +02:00

63 lines
3.0 KiB
XML
Raw Blame History

<?xml version='1.0' encoding='UTF-8'?>
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<!-- Warning: Do not edit this file. It is automatically
generated and your changes will be overwritten.
The tool to do so lives in openstack-doc-tools repository. -->
<table rules="all" xml:id="config_table_keystone_token">
<caption>Description of configuration options for token</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Configuration option = Default value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<th colspan="2">[token]</th>
</tr>
<tr>
<td>bind = </td>
<td>(ListOpt) External auth mechanisms that should add bind information to token, e.g., kerberos,x509.</td>
</tr>
<tr>
<td>cache_time = None</td>
<td>(IntOpt) Time to cache tokens (in seconds). This has no effect unless global and token caching are enabled.</td>
</tr>
<tr>
<td>caching = True</td>
<td>(BoolOpt) Toggle for token system cacheing. This has no effect unless global caching is enabled.</td>
</tr>
<tr>
<td>driver = keystone.token.persistence.backends.sql.Token</td>
<td>(StrOpt) Token persistence backend driver.</td>
</tr>
<tr>
<td>enforce_token_bind = permissive</td>
<td>(StrOpt) Enforcement policy on tokens presented to Keystone with bind information. One of disabled, permissive, strict, required or a specifically required bind mode, e.g., kerberos or x509 to require binding to that authentication.</td>
</tr>
<tr>
<td>expiration = 3600</td>
<td>(IntOpt) Amount of time a token should remain valid (in seconds).</td>
</tr>
<tr>
<td>hash_algorithm = md5</td>
<td>(StrOpt) The hash algorithm to use for PKI tokens. This can be set to any algorithm that hashlib supports. WARNING: Before changing this value, the auth_token middleware must be configured with the hash_algorithms, otherwise token revocation will not be processed correctly.</td>
</tr>
<tr>
<td>provider = None</td>
<td>(StrOpt) Controls the token construction, validation, and revocation operations. Core providers are "keystone.token.providers.[pkiz|pki|uuid].Provider". The default provider is pkiz.</td>
</tr>
<tr>
<td>revocation_cache_time = 3600</td>
<td>(IntOpt) Time to cache the revocation list and the revocation events if revoke extension is enabled (in seconds). This has no effect unless global and token caching are enabled.</td>
</tr>
<tr>
<td>revoke_by_id = True</td>
<td>(BoolOpt) Revoke token by token identifier. Setting revoke_by_id to true enables various forms of enumerating tokens, e.g. `list tokens for user`. These enumerations are processed to determine the list of tokens to revoke. Only disable if you are switching to using the Revoke extension with a backend other than KVS, which stores events in memory.</td>
</tr>
</tbody>
</table>
</para>
View Git Blame Copy Permalink