<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Jun 21, 2014 at 5:25 AM, Frans Thamura <span dir="ltr"><<a href="mailto:frans@meruvian.org" target="_blank">frans@meruvian.org</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">hi all<br>
<br>
i find there is glance-api-paste.ini<br>
<br>
and i google that if we put under  [filter:authtoken]<br>
<br>
sql_connection = mysql://glanceuser:glance-pass@db-host/glance<br>
<br>
[keystone_authtoken]<br>
auth_host = <auth-host><br>
auth_port = 35357<br>
auth_protocol = http<br>
admin_tenant_name = <service tenant name><br>
admin_user = <glance user><br>
admin_password = <admin password><br>
<br>
[paste_deploy]<br>
flavor=keystone<br>
<br>
<br>
we dont have to modify the 4 .confs, in installation chapter 4 sub 8.<br>
<br>
Configure the Image Service to use the Identity Service for authentication.<br>
<br>
Edit the /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf<br>
<br>
<br>
why dont we use the glance-api-paste.ini instead<br>
<br>
so let the keystone token as defaulat as<br>
<br>
admin_tenant_name = %SERVICE_TENANT_NAME%<br>
admin_user = %SERVICE_USER%<br>
admin_password = %SERVICE_PASSWORD%<br>
<br>
<br></blockquote><div><br></div><div>I think it was changed by default a security measure -- any middleware passing of passwords is an additional exposure it's better not to take. </div><div><br></div><div><a href="http://docs.openstack.org/security-guide/content/ch021_paste-and-middleware.html">http://docs.openstack.org/security-guide/content/ch021_paste-and-middleware.html</a><br>

</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
anyone can explain?<br>
<br>
<br>
F<br>
<br>
_______________________________________________<br>
Openstack-docs mailing list<br>
<a href="mailto:Openstack-docs@lists.openstack.org">Openstack-docs@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-docs" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-docs</a><br>
</blockquote></div><br></div></div>