Opt out of the service catalog

Set include_servce_catalog=False in Keystone's auth_token
example configuration. Swift does not use X-Service-Catalog
so there is no need to suffer its overhead. In addition,
service catalogs can be larger than max_header_size so this
change avoids a failure mode.

DocImpact
Relates to bug 1228317

Change-Id: If94531ee070e4a47cbd9b848d28e2313730bd3c0

doc/source/overview_auth.rst

@@ -102,6 +102,7 @@ add the configuration for the authtoken middleware::
   admin_user = swift
   admin_password = password
   cache = swift.cache
+  include_service_catalog = False
 
 The actual values for these variables will need to be set depending on
 your situation.  For more information, please refer to the Keystone
@@ -114,6 +115,15 @@ documentation on the ``auth_token`` middleware, but in short:
 * The admin auth credentials (``admin_user``, ``admin_tenant_name``,
   ``admin_password``) will be used to retrieve an admin token. That
   token will be used to authorize user tokens behind the scenes.
+* cache is set to ``swift.cache``. This means that the middleware
+  will get the Swift memcache from the request environment.
+* include_service_catalog defaults to True if not set. This means
+  that when validating a token, the service catalog is retrieved
+  and stored in the X-Service-Catalog header. Since Swift does not
+  use the X-Service-Catalog header, there is no point in getting
+  the service catalog. We recommend you set include_service_catalog
+  to False.
+
 
 .. note::
 

etc/proxy-server.conf-sample

@@ -270,6 +270,7 @@ user_test_tester3 = testing3
 # admin_password = password
 # delay_auth_decision = 1
 # cache = swift.cache
+# include_service_catalog = False
 #
 # [filter:keystoneauth]
 # use = egg:swift#keystoneauth