You can also configure the Identity Service authentication
middleware using the admin_user and
admin_password options. When using the
admin_user and
admin_password options the
admin_token parameter is optional. If
admin_token is specified, it is used only if
the specified token is still valid.
For services that have a separate paste-deploy .ini file,
you can configure the authentication middleware in the
[keystone_authtoken] section of the main
configuration file, such as nova.conf. In
Compute, for example, you can remove the middleware parameters
from api-paste.ini, as follows:
[filter:authtoken] paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
And set the following values in
nova.conf as follows:
[DEFAULT] ... auth_strategy=keystone [keystone_authtoken] auth_host = 127.0.0.1 auth_port = 35357 auth_protocol = http auth_uri = http://127.0.0.1:5000/ admin_user = admin admin_password = SuperSekretPassword admin_tenant_name = service
![[Note]](../common/images/admon/note.png) | Note |
|---|---|
The middleware parameters in the paste config take priority. You must remove them to use the values in the [keystone_authtoken] section. |
This sample paste config filter makes use of the
admin_user and
admin_password options:
[filter:authtoken] paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory service_port = 5000 service_host = 127.0.0.1 auth_port = 35357 auth_host = 127.0.0.1 auth_token = 012345SECRET99TOKEN012345 admin_user = admin admin_password = keystone123
| Note |
|---|---|
Using this option requires an admin tenant/role relationship. The admin user is granted access to the admin role on the admin tenant. |
