openstack team mailing list archive
Mailing list archive
Re: Keystone Woes
On 2013-04-14, at 10:00 AM, Dolph Mathews <dolph.mathews@xxxxxxxxx> wrote:
> Short answer: yes.
> There are two types of token_format options available, PKI and UUID.
> UUID tokens result in increased network chatter as they must be validated remotely, whereas PKI tokens are big, self-signed, and can be validated offline.
> You can choose which format you'd like by setting keystone.conf [TOKEN] token_format (PKI is the default).
Ah, perfect! Since this is a proof of concept there's no need for giant keys, and the network traffic is going to be minimal in my case anyway. Switching to UUID brought the token size down to a manageable size.
Thanks again, Dolph! I've got Glance up and running and now I'm working on Nova. I've finally made progress!