Hi folks, All parts of code related to stage I and II from blueprint http://docs-draft.openstack.org/29/96429/11/gate/gate-fuel-specs-docs/2807f30/doc/build/html/specs/5.1/access-control-master-node.htm <http://docs-draft.openstack.org/29/96429/11/gate/gate-fuel-specs-docs/2807f30/doc/build/html/specs/5.1/access-control-master-node.html> are merged. In result of that, fuel (api and UI) we now have authentication via keystone and now is required as default. Keystone is installed in new container during master installation. We can configure password via fuelmenu during installation (default user:password - admin:admin). Password is saved in astute.yaml, also admin_token is stored here. Almost all endpoints in fuel are protected and they required authentication token. We made exception for few endpoints and they are defined in nailgun/middleware/keystone.py in public_url . Default password can be changed via UI or via fuel-cli. In case of changing password via UI or fuel-cli password is not stored in any file only in keystone, so if you forgot password you can change it using keystone client from master node and admin_token from astute.yaml using command: keystone --os-endpoint=http://10.20.0.2:35357/v2.0 --os-token=admin_token password-update . Fuel client now use for authentication user and passwords which are stored in /etc/fuel/client/config.yaml. Password in this file is not changed during changing via fuel-cli or UI, user must change this password manualy. If user don't want use config file can provide user and password to fuel-cli by flags: --os-username=admin --os-password=test. We added also possibilities to change password via fuel-cli, to do this we should execute: fuel user --change-password --new-pass=new . To run or disable authentication we should change /etc/nailgun/settings.yaml (AUTHENTICATION_METHOD) in nailgun container. Best regards, Kamil S. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140724/c8cba260/attachment.html>