Merge "Update Keystone core to Mitaka."

author: Ruan HE <ruan.he@orange.com> 2016-06-09 08:12:34 +0000
committer: Gerrit Code Review <gerrit@172.30.200.206> 2016-06-09 08:12:34 +0000
commit: 4bc079a2664f9a407e332291f34d174625a9d5ea (patch)
tree: 7481cd5d0a9b3ce37c44c797a1e0d39881221cbe /keystone-moon/releasenotes/notes/admin_token-c634ec12fc714255.yaml
parent: 2f179c5790fbbf6144205d3c6e5089e6eb5f048a (diff)
parent: 2e7b4f2027a1147ca28301e4f88adf8274b39a1f (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/keystone-moon/releasenotes/notes/admin_token-c634ec12fc714255.yaml b/keystone-moon/releasenotes/notes/admin_token-c634ec12fc714255.yaml
new file mode 100644
index 00000000..69b70dbb
--- /dev/null
+++ b/keystone-moon/releasenotes/notes/admin_token-c634ec12fc714255.yaml
@@ -0,0 +1,11 @@
+---
+security:
+  - The admin_token method of authentication was never intended to be
+    used for any purpose other than bootstrapping an install. However
+    many deployments had to leave the admin_token method enabled due
+    to restrictions on editing the paste file used to configure the
+    web pipelines.  To minimize the risk from this mechanism, the
+    `admin_token` configuration value now defaults to a python `None`
+    value.  In addition, if the value is set to `None`, either explicitly or
+    implicitly, the `admin_token` will not be enabled, and an attempt to
+    use it will lead to a failed authentication.
author	Ruan HE <ruan.he@orange.com>	2016-06-09 08:12:34 +0000
committer	Gerrit Code Review <gerrit@172.30.200.206>	2016-06-09 08:12:34 +0000
commit	4bc079a2664f9a407e332291f34d174625a9d5ea (patch)
tree	7481cd5d0a9b3ce37c44c797a1e0d39881221cbe /keystone-moon/releasenotes/notes/admin_token-c634ec12fc714255.yaml
parent	2f179c5790fbbf6144205d3c6e5089e6eb5f048a (diff)
parent	2e7b4f2027a1147ca28301e4f88adf8274b39a1f (diff)