Doc updates for Certificates for PKI
There were several issuses with the "Certificates for PKI" subsection of the "Identity management" section of the Cloud Administrator Guide. - Keystone doesn't have a token_format or ca_password setting in the [signing] section of its config file, so the doc shouldn't say that there is one. - Keystone does have a cert_subject option, so add that for completeness. - The token provider class is now used instead of token_format. Change-Id: Id8fe05797948e107d5fdb1e781eb40046c293872
This commit is contained in:
Brant Knudson
parent
8e892da2bf
commit
b4a5035dd0
@ -36,13 +36,6 @@
|
|||||||
under the <literal>[signing]</literal> section of the
|
under the <literal>[signing]</literal> section of the
|
||||||
configuration file. The configuration values are:</para>
|
configuration file. The configuration values are:</para>
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
<literal>token_format</literal> - Determines the
|
|
||||||
algorithm used to generate tokens. Can be either
|
|
||||||
<literal>UUID</literal> or <literal>PKI</literal>.
|
|
||||||
Defaults to <literal>PKI</literal>.</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<literal>certfile</literal> - Location of certificate
|
<literal>certfile</literal> - Location of certificate
|
||||||
@ -81,9 +74,10 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<literal>ca_password</literal> - Password required to
|
<literal>cert_subject</literal> - Certificate subject (auto
|
||||||
read the <literal>ca_file</literal>. Default is
|
generated certificate) for token signing. Default is
|
||||||
<literal>None</literal>.</para>
|
<literal>/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com</literal>.
|
||||||
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
<para>When generating certificates with the
|
<para>When generating certificates with the
|
||||||
@ -95,11 +89,13 @@
|
|||||||
is not used to generate certificates, or you are providing
|
is not used to generate certificates, or you are providing
|
||||||
your own certificates, these values do not need
|
your own certificates, these values do not need
|
||||||
to be set.</para>
|
to be set.</para>
|
||||||
<para>If <literal>token_format=UUID</literal>, a typical token
|
<para>If
|
||||||
looks like
|
<literal>provider=keystone.token.providers.uuid.Provider</literal> in
|
||||||
|
the <literal>[token]</literal> section of the keystone configuration, a
|
||||||
|
typical token looks like
|
||||||
<literal>53f7f6ef0cc344b5be706bcc8b1479e1</literal>. If
|
<literal>53f7f6ef0cc344b5be706bcc8b1479e1</literal>. If
|
||||||
<literal>token_format=PKI</literal>, a typical token is a
|
<literal>provider=keystone.token.providers.pki.Provider</literal>, a
|
||||||
much longer string, such as:</para>
|
typical token is a much longer string, such as:</para>
|
||||||
<screen>MIIKtgYJKoZIhvcNAQcCoIIKpzCCCqMCAQExCTAHBgUrDgMCGjCCCY8GCSqGSIb3DQEHAaCCCYAEggl8eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNS0z
|
<screen>MIIKtgYJKoZIhvcNAQcCoIIKpzCCCqMCAQExCTAHBgUrDgMCGjCCCY8GCSqGSIb3DQEHAaCCCYAEggl8eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNS0z
|
||||||
MFQxNTo1MjowNi43MzMxOTgiLCAiZXhwaXJlcyI6ICIyMDEzLTA1LTMxVDE1OjUyOjA2WiIsICJpZCI6ICJwbGFjZWhvbGRlciIsICJ0ZW5hbnQiOiB7ImRlc2NyaXB0aW9uIjogbnVs
|
MFQxNTo1MjowNi43MzMxOTgiLCAiZXhwaXJlcyI6ICIyMDEzLTA1LTMxVDE1OjUyOjA2WiIsICJpZCI6ICJwbGFjZWhvbGRlciIsICJ0ZW5hbnQiOiB7ImRlc2NyaXB0aW9uIjogbnVs
|
||||||
bCwgImVuYWJsZWQiOiB0cnVlLCAiaWQiOiAiYzJjNTliNGQzZDI4NGQ4ZmEwOWYxNjljYjE4MDBlMDYiLCAibmFtZSI6ICJkZW1vIn19LCAic2VydmljZUNhdGFsb2ciOiBbeyJlbmRw
|
bCwgImVuYWJsZWQiOiB0cnVlLCAiaWQiOiAiYzJjNTliNGQzZDI4NGQ4ZmEwOWYxNjljYjE4MDBlMDYiLCAibmFtZSI6ICJkZW1vIn19LCAic2VydmljZUNhdGFsb2ciOiBbeyJlbmRw
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user