openstack/openstack-manuals
Code Issues Proposed changes
c5ee143249
openstack-manuals/doc/admin-guide/source/identity-auth-token-middleware.rst
Anne Gentle 9843767b21 [admin-guide] Rename RST files to use hyphen instead of underbar 
Change-Id: I40999b1eb923fc3796cbb6d982e03d39cdf8c720
Implements: blueprint consistency-file-rename
2016-08-06 09:51:57 -05:00

75 lines
2.0 KiB
ReStructuredText
Raw Blame History

Authentication middleware with user name and password
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You can also configure Identity authentication middleware using the
``admin_user`` and ``admin_password`` options.
.. note::
The ``admin_token`` option is deprecated and no longer used for
configuring auth_token middleware.
For services that have a separate paste-deploy ``.ini`` file, you can
configure the authentication middleware in the ``[keystone_authtoken]``
section of the main configuration file, such as ``nova.conf``. In
Compute, for example, you can remove the middleware parameters from
``api-paste.ini``, as follows:
.. code-block:: ini
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
And set the following values in ``nova.conf`` as follows:
.. code-block:: ini
[DEFAULT]
...
auth_strategy=keystone
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_user = admin
admin_password = SuperSekretPassword
admin_tenant_name = service
.. note::
The middleware parameters in the paste config take priority. You
must remove them to use the values in the ``[keystone_authtoken]``
section.
.. note::
Comment out any ``auth_host``, ``auth_port``, and
``auth_protocol`` options because the ``identity_uri`` option
replaces them.
This sample paste config filter makes use of the ``admin_user`` and
``admin_password`` options:
.. code-block:: ini
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
auth_token = 012345SECRET99TOKEN012345
admin_user = admin
admin_password = keystone123
.. note::
Using this option requires an admin tenant/role relationship. The
admin user is granted access to the admin role on the admin tenant.
.. note::
Comment out any ``auth_host``, ``auth_port``, and
``auth_protocol`` options because the ``identity_uri`` option
replaces them.
View Git Blame Copy Permalink