Authentication middleware with user name and password¶
You can also configure Identity authentication middleware using the admin_user and admin_password options.
Note
The admin_token option is deprecated and no longer used for configuring auth_token middleware.
For services that have a separate paste-deploy .ini file, you can configure the authentication middleware in the [keystone_authtoken] section of the main configuration file, such as nova.conf. In Compute, for example, you can remove the middleware parameters from api-paste.ini, as follows:
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
And set the following values in nova.conf as follows:
[DEFAULT]
...
auth_strategy=keystone
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_user = admin
admin_password = SuperSekretPassword
admin_tenant_name = service
Note
The middleware parameters in the paste config take priority. You must remove them to use the values in the [keystone_authtoken] section.
Note
Comment out any auth_host, auth_port, and auth_protocol options because the identity_uri option replaces them.
This sample paste config filter makes use of the admin_user and admin_password options:
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
auth_token = 012345SECRET99TOKEN012345
admin_user = admin
admin_password = keystone123
Note
Using this option requires an admin tenant/role relationship. The admin user is granted access to the admin role on the admin tenant.
Note
Comment out any auth_host, auth_port, and auth_protocol options because the identity_uri option replaces them.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License http://creativecommons.org/licenses/by/3.0/legalcode.