[Rdo-list] No /usr/share/keystone/keystone-paste.ini in openstack-keystone-2015.1.0-1.el7.noarch.rpm

Alan Pevec apevec at gmail.com
Mon May 25 22:54:47 UTC 2015


> Just to be explicit you are saying it is enough if the documentation is updated to set admin_token = <None> in the /etc/keystone/keystone.conf and the fact that /usr/share/keystone/keystone-dist-paste.ini contains admin_token_auth directives is irrelevant if this is the case?

Once my proposed patch is merged it will be enough to remove or
comment out admin_token in keystone.conf to disable it and this will
be also default.
Right now, default admin_token is ADMIN and this is a security issue
which is worked around by the documentation you're pointing out.

Cheers,
Alan




More information about the dev mailing list