Atom feed of this document
  
 

 Authentication middleware with user name and password

You can also configure the Identity Service authentication middleware using the admin_user and admin_password options. When using the admin_user and admin_password options the admin_token parameter is optional. If admin_token is specified, it is used only if the specified token is still valid.

For services that have a separate paste-deploy .ini file, you can configure the authentication middleware in the [keystone_authtoken] section of the main configuration file, such as nova.conf. In Compute, for example, you can remove the middleware parameters from api-paste.ini, as follows:

[filter:authtoken]
paste.filter_factory =
keystoneclient.middleware.auth_token:filter_factory

And set the following values in nova.conf as follows:

[DEFAULT]
...
auth_strategy=keystone

[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
admin_user = admin
admin_password = SuperSekretPassword
admin_tenant_name = service
[Note]Note

The middleware parameters in the paste config take priority. You must remove them to use the values in the [keystone_authtoken] section.

This sample paste config filter makes use of the admin_user and admin_password options:

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
service_port = 5000
service_host = 127.0.0.1
auth_port = 35357
auth_host = 127.0.0.1
auth_token = 012345SECRET99TOKEN012345
admin_user = admin
admin_password = keystone123
[Note]Note

Using this option requires an admin tenant/role relationship. The admin user is granted access to the admin role on the admin tenant.

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...