diff options
Diffstat (limited to 'keystone-moon/releasenotes/notes/admin_token-c634ec12fc714255.yaml')
| -rw-r--r-- | keystone-moon/releasenotes/notes/admin_token-c634ec12fc714255.yaml | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/keystone-moon/releasenotes/notes/admin_token-c634ec12fc714255.yaml b/keystone-moon/releasenotes/notes/admin_token-c634ec12fc714255.yaml new file mode 100644 index 00000000..69b70dbb --- /dev/null +++ b/keystone-moon/releasenotes/notes/admin_token-c634ec12fc714255.yaml @@ -0,0 +1,11 @@ +--- +security: + - The admin_token method of authentication was never intended to be + used for any purpose other than bootstrapping an install. However + many deployments had to leave the admin_token method enabled due + to restrictions on editing the paste file used to configure the + web pipelines. To minimize the risk from this mechanism, the + `admin_token` configuration value now defaults to a python `None` + value. In addition, if the value is set to `None`, either explicitly or + implicitly, the `admin_token` will not be enabled, and an attempt to + use it will lead to a failed authentication. |