← Back to team overview

openstack team mailing list archive

Re: Keystone Woes


Short answer: yes.

There are two types of token_format options available, PKI and UUID.

UUID tokens result in increased network chatter as they must be validated
remotely, whereas PKI tokens are big, self-signed, and can be validated

You can choose which format you'd like by setting keystone.conf [TOKEN]
token_format (PKI is the default).

On Saturday, April 13, 2013, Daniel Ellison wrote:

> On 2013-04-13, at 5:24 PM, Dolph Mathews <dolph.mathews@xxxxxxxxx<javascript:;>>
> wrote:
> > Hmm, well it looks like you already have debug enabled, which is
> indicating that the username + password combination is bad (if debug was
> disabled, you'd get a much more opaque error message). The tenant name you
> specified would not have been checked yet. If 'admin' appears in your
> keystone user-list, then the password is definitely wrong.
> Success! I deleted the admin user and then recreated it using a new,
> unique password. I removed OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT from my
> environment. Then I did 'keystone token-get' and got a proper response!
> Thanks so much for the suggestion, Dolph. One further question: Is the
> "id" part of the received token supposed to be ridiculously long? I got an
> id that is 836 characters long! The examples in "Verifying the Identity
> Service Installation" are the same length as the user_id: 32 characters. I
> just want to be sure everything is working as it should.
> Thanks,
> Daniel



Follow ups