[Rdo-list] No /usr/share/keystone/keystone-paste.ini in openstack-keystone-2015.1.0-1.el7.noarch.rpm
sgordon at redhat.com
Mon May 25 22:31:21 UTC 2015
----- Original Message -----
> From: "Alan Pevec" <apevec at gmail.com>
> To: "Steve Gordon" <sgordon at redhat.com>, nkinder at redhat.com
> 2015-05-25 14:29 GMT+02:00 Steve Gordon <sgordon at redhat.com>:
> > OK, but in this case the keystone-paste.ini we are using in RDO includes
> > the admin_token_auth directives that the documentation patch is
> > endeavoring to remove  and the RHEL-OSP 7 beta packages I took a look
> > at don't. Which is correct?
> It is an upstream bug and potential security issue which should be
> fixed instead of working around in documentation and deployment tools:
Just to be explicit you are saying it is enough if the documentation is updated to set admin_token = <None> in the /etc/keystone/keystone.conf and the fact that /usr/share/keystone/keystone-dist-paste.ini contains admin_token_auth directives is irrelevant if this is the case?
More information about the dev