From 6c60d6c783656f35657b6cb462d93390fc689ac0 Mon Sep 17 00:00:00 2001 From: Dan Prince Date: Wed, 22 Feb 2012 22:28:42 -0500 Subject: Set tenantName to 'admin' in get_admin_auth_token. Sets the tenantName to 'admin' in get_admin_auth_token. This is required because user-only roles are currently not supported. Give that wsgi is hard coded to check for 'role:admin' this seems to be a reasonable thing to do. In the future it would be nice to add a custom admin_role setting in the config file so the role wouldn't be hard coded to 'admin'. Also removes unused version of get_admin_auth_token. Fixes LP Bug #939015. Change-Id: I545b458e31c8a44a5a69cad1e875f0fe02956246 --- docs/source/configuringservices.rst | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'docs/source') diff --git a/docs/source/configuringservices.rst b/docs/source/configuringservices.rst index 11085e9d..bfbada65 100644 --- a/docs/source/configuringservices.rst +++ b/docs/source/configuringservices.rst @@ -259,3 +259,27 @@ S3 api. .. Note:: With the S3 middleware you are connecting to the `Swift` proxy and not to `keystone`. + +Auth-Token Middleware with Username and Password +-------------------------------- + +It is also possible to configure Keystone's auth_token middleware using the +'admin_user' and 'admin_password' options. When using the 'admin_user' and +'admin_password' options the 'admin_token' parameter is optional. If +'admin_token' is specified it will by used only if the specified token is +still valid. + +Here is an example paste config filter that makes use of the 'admin_user' and +'admin_password' parameters:: + + [filter:tokenauth] + paste.filter_factory = keystone.middleware.auth_token:filter_factory + service_port = 5000 + service_host = 127.0.0.1 + auth_port = 35357 + auth_host = 127.0.0.1 + auth_token = ADMIN + admin_user = admin + admin_password = keystone123 + +It should be noted that when using this option an 'admin' tenant/role relationship is required. The admin user is granted access to to the 'admin' role via the 'admin' tenant. -- cgit