openstack/openstack-manuals
Code Issues Proposed changes
f9b9c9def1
openstack-manuals/doc/admin-guide/source/identity_auth_token_middleware.rst
Joseph Robinson 2ce5b11b1a [User Guides] Rename Admin-Guide-Cloud to Admin-Guide 
This patch changes the name of the Admin-Guide from the Cloud
Admin Guide to the Administrator guide. This affects the
filename in the repository, and references to cloud administrators
within the document texts.

1.) Changing instances of 'cloud administrator'
    to 'administrator'.

2.) Change links from '/admin-guide-cloud/' to
    '/admin-guide/' within the Admin Guide.

3.) Adjust .htaccess file.

Change-Id: I7f21a710e922981aa295afc0616de36fd819b523
Implements: blueprint user-guides-reorganised
2016-04-01 19:50:13 +09:00

2.0 KiB
Raw Blame History

Authentication middleware with user name and password

You can also configure Identity authentication middleware using the admin_user and admin_password options.

Note

The admin_token option is deprecated and no longer used for configuring auth_token middleware.

For services that have a separate paste-deploy .ini file, you can configure the authentication middleware in the [keystone_authtoken] section of the main configuration file, such as nova.conf. In Compute, for example, you can remove the middleware parameters from api-paste.ini, as follows:

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory

And set the following values in nova.conf as follows:

[DEFAULT]
...
auth_strategy=keystone

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_user = admin
admin_password = SuperSekretPassword
admin_tenant_name = service

Note

The middleware parameters in the paste config take priority. You must remove them to use the values in the [keystone_authtoken] section.

Note

Comment out any auth_host, auth_port, and auth_protocol options because the identity_uri option replaces them.

This sample paste config filter makes use of the admin_user and admin_password options:

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
auth_token = 012345SECRET99TOKEN012345
admin_user = admin
admin_password = keystone123

Note

Using this option requires an admin tenant/role relationship. The admin user is granted access to the admin role on the admin tenant.

Note

Comment out any auth_host, auth_port, and auth_protocol options because the identity_uri option replaces them.