author Colleen Murphy <colleen.murphy@suse.de> 2018-12-10 13:52:47 +0100
committer Colleen Murphy <colleen.murphy@suse.de> 2018-12-10 13:52:47 +0100
commit c04756e0cdbe0694146be876e7bb0cd8272c9573 (patch)
tree 5c57ff1d077eebca56c94fc87ae360c3adf15536
parent e287f58fbbfb81f16270800581059be2083e547c (diff)
Move "Public ID Generators" to relevant docs
Currently, the section "Public ID Generators" is a subsection of "Identity sources" but it reads as very out of place. Looking at the commit that introduced the section (1a50986e7c), it's clear this was meant to be part of the domain-specific-config section and was missed in a reshuffle. This patch puts it back in place.

Change-Id: I2873f104adf6af4da4ba23f8c0d8afb0c1161da3
Notes (review):
Code-Review+2: Lance Bragstad <lbragstad@gmail.com>
Code-Review+2: Gage Hugo <gagehugo@gmail.com>
Workflow+1: Gage Hugo <gagehugo@gmail.com>
Verified+2: Zuul
Submitted-by: Zuul
Submitted-at: Tue, 11 Dec 2018 01:40:20 +0000
Reviewed-on: https://review.openstack.org/624076
Project: openstack/keystone
Branch: refs/heads/master
-rw-r--r-- doc/source/admin/identity-domain-specific-config.rst 27
-rw-r--r-- doc/source/configuration.rst 26
2 files changed, 26 insertions, 27 deletions
diff --git a/doc/source/admin/identity-domain-specific-config.rst b/doc/source/admin/identity-domain-specific-config.rst
index 4c6a966..1f01a33 100644
--- a/doc/source/admin/identity-domain-specific-config.rst
+++ b/doc/source/admin/identity-domain-specific-config.rst
@@ -184,6 +184,31 @@ LDAP has been configured or after ``mapping_purge``.
184 184
185 $ keystone-manage mapping_populate --domain DOMAINA 185 $ keystone-manage mapping_populate --domain DOMAINA
186 186
187Public ID Generators
188--------------------
189
190Keystone supports a customizable public ID generator and it is specified in the
191``[identity_mapping]`` section of the configuration file. Keystone provides a
192sha256 generator as default, which produces regenerable public IDs. The
193generator algorithm for public IDs is a balance between key size (i.e. the
194length of the public ID), the probability of collision and, in some
195circumstances, the security of the public ID. The maximum length of public ID
196supported by keystone is 64 characters, and the default generator (sha256) uses
197this full capability. Since the public ID is what is exposed externally by
198keystone and potentially stored in external systems, some installations may
199wish to make use of other generator algorithms that have a different trade-off
200of attributes. A different generator can be installed by configuring the
201following property:
202
203* ``generator`` - identity mapping generator. Defaults to ``sha256``
204 (implemented by :class:`keystone.identity.id_generators.sha256.Generator`)
205
206.. WARNING::
207
208 Changing the generator may cause all existing public IDs to be become
209 invalid, so typically the generator selection should be considered
210 immutable for a given installation.
211
187Migrate domain-specific configuration files to the SQL database 212Migrate domain-specific configuration files to the SQL database
188--------------------------------------------------------------- 213---------------------------------------------------------------
189 214
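Review bot: The warning carried over at new line 208 still reads "to be become invalid"; since the paragraph is being moved anyway, correct it to "to become invalid" in the same patch. The section now sits directly after the ``mapping_populate`` example, so it would also help to say in the warning whether operators are expected to run ``mapping_purge`` and ``mapping_populate`` after a generator change, or to state explicitly that no supported migration exists.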
@@ -199,4 +224,4 @@ domain name:
199 224
200.. code-block:: console 225.. code-block:: console
201 226
202 # keystone-manage domain_config_upload --domain-name DOMAIN_NAME \ No newline at end of file 227 # keystone-manage domain_config_upload --domain-name DOMAIN_NAME
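Review bot: The only difference at line 227 is the missing end-of-file newline, which is unrelated to moving the section and is not mentioned in the commit message. Add a sentence about it to the message or split it into its own change so the history of the move stays clean.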
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 7ec941d..9588154 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -34,32 +34,6 @@ via SAML federation.
34.. _Domain-specific Configuration: admin/identity-domain-specific-config.html 34.. _Domain-specific Configuration: admin/identity-domain-specific-config.html
35.. support_matrix:: identity-support-matrix.ini 35.. support_matrix:: identity-support-matrix.ini
36 36
37Public ID Generators
38--------------------
39
40Keystone supports a customizable public ID generator and it is specified in the
41``[identity_mapping]`` section of the configuration file. Keystone provides a
42sha256 generator as default, which produces regenerable public IDs. The
43generator algorithm for public IDs is a balance between key size (i.e. the
44length of the public ID), the probability of collision and, in some
45circumstances, the security of the public ID. The maximum length of public ID
46supported by keystone is 64 characters, and the default generator (sha256) uses
47this full capability. Since the public ID is what is exposed externally by
48keystone and potentially stored in external systems, some installations may
49wish to make use of other generator algorithms that have a different trade-off
50of attributes. A different generator can be installed by configuring the
51following property:
52
53* ``generator`` - identity mapping generator. Defaults to ``sha256``
54 (implemented by :class:`keystone.identity.id_generators.sha256.Generator`)
55
56.. WARNING::
57
58 Changing the generator may cause all existing public IDs to be become
59 invalid, so typically the generator selection should be considered
60 immutable for a given installation.
61
62
63SSL 37SSL
64=== 38===
65 39
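Review bot: Deleting old lines 37-62 leaves configuration.rst with no pointer to where the generator documentation went, so anything that linked to this heading now lands on a page that no longer mentions it. Consider a one-line reference beside the existing "Domain-specific Configuration" link at line 34, or a label on the new heading in identity-domain-specific-config.rst that other pages can target.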