Update incorrect keystone.conf file path and modified minor grammatical/format issues

Change-Id: Id0630bd4021f42a5c271f9d2b680af4ab5bcc865 Closes-Bug: #1368422
2014-09-16 15:54:20 +05:30 · 2014-09-16 15:54:20 +05:30 · 7a65979117
parent e82bf3404d
commit 7a65979117
1 changed files with 4 additions and 4 deletions
--- a/security-guide/ch_identity.xml
+++ b/security-guide/ch_identity.xml
@ -29,7 +29,7 @@
        of failed login attempts. The account then may only be
        unlocked with further side-channel intervention.</para>
      <para>If prevention is not an option, detection can be used to
-        mitigate damage.Detection involves frequent review of access
+        mitigate damage. Detection involves frequent review of access
        control logs to identify unauthorized attempts to access
        accounts. Possible remediation would include reviewing the
        strength of the user password, or blocking the network source
@ -87,7 +87,7 @@
      <para>Note that if the LDAP system has attributes defined for
        the user such as admin, finance, HR etc, these must be mapped
        into roles and groups within Identity for use by the various
-        OpenStack services. The <filename>/etc/keystone.conf</filename>
+        OpenStack services. The <filename>/etc/keystone/keystone.conf</filename>
        file maps LDAP attributes to Identity attributes.</para>
      <para>The Identity Service <emphasis role="bold">MUST
          NOT</emphasis> be allowed to write to LDAP services used for
@ -199,7 +199,7 @@
      <para>The cloud administrator should protect sensitive
        configuration files from unauthorized modification. This can be
        achieved with mandatory access control frameworks such as
-        SELinux, including <filename>/etc/keystone.conf</filename> and
+        SELinux, including <filename>/etc/keystone/keystone.conf</filename> and
        X.509 certificates.</para>

      <para>Client authentication with SSL requires certificates be issued
@ -208,7 +208,7 @@
        of certificate signatures against trusted CAs by default and
        connections will fail if the signature is not valid or the CA is not
        trusted. Cloud deployers may use self-signed certificates. In this case,
-        the validity check must disabled or the certificate marked as trusted.
+        the validity check must be disabled or the certificate should be marked as trusted.
        To disable validation of self-signed certificates, set
          <code>insecure=False</code> in the
          <code>[filter:authtoken]</code> section in the