diff options
author | DUVAL Thomas <thomas.duval@orange.com> | 2016-06-09 09:11:50 +0200 |
---|---|---|
committer | DUVAL Thomas <thomas.duval@orange.com> | 2016-06-09 09:11:50 +0200 |
commit | 2e7b4f2027a1147ca28301e4f88adf8274b39a1f (patch) | |
tree | 8b8d94001ebe6cc34106cf813b538911a8d66d9a /keystone-moon/releasenotes/notes/add-bootstrap-cli-192500228cc6e574.yaml | |
parent | a33bdcb627102a01244630a54cb4b5066b385a6a (diff) |
Update Keystone core to Mitaka.
Change-Id: Ia10d6add16f4a9d25d1f42d420661c46332e69db
Diffstat (limited to 'keystone-moon/releasenotes/notes/add-bootstrap-cli-192500228cc6e574.yaml')
-rw-r--r-- | keystone-moon/releasenotes/notes/add-bootstrap-cli-192500228cc6e574.yaml | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/keystone-moon/releasenotes/notes/add-bootstrap-cli-192500228cc6e574.yaml b/keystone-moon/releasenotes/notes/add-bootstrap-cli-192500228cc6e574.yaml new file mode 100644 index 00000000..997ee64a --- /dev/null +++ b/keystone-moon/releasenotes/notes/add-bootstrap-cli-192500228cc6e574.yaml @@ -0,0 +1,17 @@ +--- +features: + - > + [`blueprint bootstrap <https://blueprints.launchpad.net/keystone/+spec/bootstrap>`_] + keystone-manage now supports the bootstrap command + on the CLI so that a keystone install can be + initialized without the need of the admin_token + filter in the paste-ini. +security: + - The use of admin_token filter is insecure compared + to the use of a proper username/password. Historically + the admin_token filter has been left enabled in + Keystone after initialization due to the way CMS + systems work. Moving to an out-of-band initialization using + ``keystone-manage bootstrap`` will eliminate the security concerns around + a static shared string that conveys admin access to keystone + and therefore to the entire installation. |