Authentication middleware with user name and password ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You can also configure Identity authentication middleware using the ``admin_user`` and ``admin_password`` options. .. note:: The ``admin_token`` option is deprecated and no longer used for configuring auth_token middleware. For services that have a separate paste-deploy ``.ini`` file, you can configure the authentication middleware in the ``[keystone_authtoken]`` section of the main configuration file, such as ``nova.conf``. In Compute, for example, you can remove the middleware parameters from ``api-paste.ini``, as follows: .. code-block:: ini [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory And set the following values in ``nova.conf`` as follows: .. code-block:: ini [DEFAULT] ... auth_strategy=keystone [keystone_authtoken] auth_uri = http://controller:5000/v2.0 identity_uri = http://controller:35357 admin_user = admin admin_password = SuperSekretPassword admin_tenant_name = service .. note:: The middleware parameters in the paste config take priority. You must remove them to use the values in the ``[keystone_authtoken]`` section. .. note:: Comment out any ``auth_host``, ``auth_port``, and ``auth_protocol`` options because the ``identity_uri`` option replaces them. This sample paste config filter makes use of the ``admin_user`` and ``admin_password`` options: .. code-block:: ini [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory auth_uri = http://controller:5000/v2.0 identity_uri = http://controller:35357 auth_token = 012345SECRET99TOKEN012345 admin_user = admin admin_password = keystone123 .. note:: Using this option requires an admin tenant/role relationship. The admin user is granted access to the admin role on the admin tenant. .. note:: Comment out any ``auth_host``, ``auth_port``, and ``auth_protocol`` options because the ``identity_uri`` option replaces them.