Replacing Keystone deprecated configuration auth_uri with www_authenticate_uri
The auth_uri option is deprecated in favor of www_authenticate_uri and will be removed in the Stien releasee and silently ignored in the future. This change updates Keystone's auth_uri to www_authenticate_uri in the security checklist docs. Change-Id: I942db5fff874df20ce77b0f5741925e4cea8d859
This commit is contained in:
parent
9375908823
commit
c8d81b2cfd
|
@ -96,13 +96,13 @@ try to eavesdrop on the channel in order to get access to sensitive
|
|||
information. Thus all the components must communicate with each other using a
|
||||
secured communication protocol.
|
||||
|
||||
**Pass:** If value of parameter ``auth_uri`` under
|
||||
**Pass:** If value of parameter ``www_authenticate_uri`` under
|
||||
``[keystone_authtoken]`` section in ``/etc/cinder/cinder.conf`` is set to
|
||||
Identity API endpoint starting with ``https://`` and value of parameter
|
||||
``insecure`` under the same ``[keystone_authtoken]`` section in the same
|
||||
``/etc/cinder/cinder.conf`` is set to ``False``.
|
||||
|
||||
**Fail:** If value of parameter ``auth_uri`` under
|
||||
**Fail:** If value of parameter ``www_authenticate_uri`` under
|
||||
``[keystone_authtoken]`` section in ``/etc/cinder/cinder.conf`` is not set to
|
||||
Identity API endpoint starting with ``https://`` or value of parameter
|
||||
``insecure`` under the same ``[keystone_authtoken]`` section in the same
|
||||
|
|
|
@ -105,13 +105,13 @@ try to eavesdrop on the channel in order to get access to sensitive
|
|||
information. All the components must communicate with each other using a
|
||||
secured communication protocol.
|
||||
|
||||
**Pass:** If value of parameter ``auth_uri`` under
|
||||
**Pass:** If value of parameter ``www_authenticate_uri`` under
|
||||
``[keystone_authtoken]`` section in ``/etc/nova/nova.conf`` is set to
|
||||
Identity API endpoint starting with ``https://`` and value of parameter
|
||||
``insecure`` under the same ``[keystone_authtoken]`` section in the same
|
||||
``/etc/nova/nova.conf`` is set to ``False``.
|
||||
|
||||
**Fail:** If value of parameter ``auth_uri`` under
|
||||
**Fail:** If value of parameter ``www_authenticate_uri`` under
|
||||
``[keystone_authtoken]`` section in ``/etc/nova/nova.conf`` is not set to
|
||||
Identity API endpoint starting with ``https://`` or value of parameter
|
||||
``insecure`` under the same ``[keystone_authtoken]`` section in the same
|
||||
|
|
|
@ -116,17 +116,17 @@ may try to eavesdrop on the channel in order to get access to sensitive
|
|||
information. All components must communicate with each other using a
|
||||
secured communication protocol.
|
||||
|
||||
**Pass:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]``
|
||||
section in ``/etc/glance/glance-api.conf`` is set to the Identity API endpoint
|
||||
starting with ``https://``, and the value of the parameter ``insecure`` is under
|
||||
the same ``[keystone_authtoken]`` section in the same
|
||||
``/etc/glance/glance-registry.conf`` is set to ``False``.
|
||||
**Pass:** If value of parameter ``www_authenticate_uri`` under
|
||||
``[keystone_authtoken]`` section in ``/etc/glance/glance-api.conf`` is set to
|
||||
the Identity API endpoint starting with ``https://``, and the value of the
|
||||
parameter ``insecure`` is under the same ``[keystone_authtoken]`` section
|
||||
in the same ``/etc/glance/glance-registry.conf`` is set to ``False``.
|
||||
|
||||
**Fail:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]``
|
||||
section in ``/etc/glance/glance-api.conf`` is not set to Identity API endpoint
|
||||
starting with ``https://``, or value of parameter ``insecure`` under the same
|
||||
``[keystone_authtoken]`` section in the same ``/etc/glance/glance-api.conf``
|
||||
is set to ``True``.
|
||||
**Fail:** If value of parameter ``www_authenticate_uri`` under
|
||||
``[keystone_authtoken]`` section in ``/etc/glance/glance-api.conf`` is not set
|
||||
to Identity API endpoint starting with ``https://``, or value of parameter
|
||||
``insecure`` under the same ``[keystone_authtoken]`` section in the same
|
||||
``/etc/glance/glance-api.conf`` is set to ``True``.
|
||||
|
||||
.. _check_image_05:
|
||||
|
||||
|
|
|
@ -97,13 +97,13 @@ try to eavesdrop on the channel in order to get access to sensitive
|
|||
information. Thus all the components must communicate with each other using a
|
||||
secured communication protocol.
|
||||
|
||||
**Pass:** If value of parameter ``auth_uri`` under
|
||||
**Pass:** If value of parameter ``www_authenticate_uri`` under
|
||||
``[keystone_authtoken]`` section in ``/etc/neutron/neutron.conf`` is set to
|
||||
Identity API endpoint starting with ``https://`` and value of parameter
|
||||
``insecure`` under the same ``[keystone_authtoken]`` section in the same
|
||||
``/etc/neutron/neutron.conf`` is set to ``False``.
|
||||
|
||||
**Fail:** If value of parameter ``auth_uri`` under
|
||||
**Fail:** If value of parameter ``www_authenticate_uri`` under
|
||||
``[keystone_authtoken]`` section in ``/etc/neutron/neutron.conf`` is not set to
|
||||
Identity API endpoint starting with ``https://`` or value of parameter
|
||||
``insecure`` under the same ``[keystone_authtoken]`` section in the same
|
||||
|
|
Loading…
Reference in New Issue