Authentication middleware with user name and password¶
You can also configure Identity authentication middleware using the
admin_user and admin_password options.
Note
The admin_token option is deprecated and no longer used for
configuring auth_token middleware.
For services that have a separate paste-deploy .ini file, you can
configure the authentication middleware in the [keystone_authtoken]
section of the main configuration file, such as nova.conf. In
Compute, for example, you can remove the middleware parameters from
api-paste.ini, as follows:
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
And set the following values in nova.conf as follows:
[DEFAULT]
# ...
auth_strategy=keystone
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_user = admin
admin_password = SuperSekretPassword
admin_tenant_name = service
Note
The middleware parameters in the paste config take priority. You
must remove them to use the values in the [keystone_authtoken]
section.
Note
Comment out any auth_host, auth_port, and
auth_protocol options because the identity_uri option
replaces them.
This sample paste config filter makes use of the admin_user and
admin_password options:
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
auth_token = 012345SECRET99TOKEN012345
admin_user = admin
admin_password = keystone123
Note
Using this option requires an admin project/role relationship. The admin user is granted access to the admin role on the admin project.
Note
Comment out any auth_host, auth_port, and
auth_protocol options because the identity_uri option
replaces them.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.