[openstack-dev] Keystone auth_token middleware and the auth_host/auth_port configuration options

Jay Pipes jaypipes at gmail.com
Thu Aug 1 05:43:14 UTC 2013


I have a question for the auth_token middleware developers.

The default auth_port is set to 35357, which is the admin API port for 
Keystone:

https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/middleware/auth_token.py#L201

However, the token validation API call (POST /v2.0/tokens or POST 
/v3/auth/tokens) uses the *service* API port, not the admin API port... 
in fact, in the v3 API, there is no longer any distinction (thankfully) 
between the service API and the admin API ... it's all just one API.

So, my question is this: we've been setting all of the auth_token config 
options to the 5000 port -- the service API port for v2.0 Keystone. Is 
this problematic? I'm having a heck of a time tracking down the source 
of this bug:

https://bugs.launchpad.net/nova/+bug/1206330

And am trying to cross any possible configuration issues with the 
auth_token middleware off of my list of possible causes.

Any and all insight would be most appreciated.

Best,
-jay



More information about the OpenStack-dev mailing list