blob: 997ee64a86b89516670aebd0256327d59d709860 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
---
features:
- >
[`blueprint bootstrap <https://blueprints.launchpad.net/keystone/+spec/bootstrap>`_]
keystone-manage now supports the bootstrap command
on the CLI so that a keystone install can be
initialized without the need of the admin_token
filter in the paste-ini.
security:
- The use of admin_token filter is insecure compared
to the use of a proper username/password. Historically
the admin_token filter has been left enabled in
Keystone after initialization due to the way CMS
systems work. Moving to an out-of-band initialization using
``keystone-manage bootstrap`` will eliminate the security concerns around
a static shared string that conveys admin access to keystone
and therefore to the entire installation.
|
