author Matt Fischer <matt@mattfischer.com> 2016-05-04 20:11:46 -0600
committer Matt Fischer <matt@mattfischer.com> 2016-05-04 20:18:32 -0600
commit 5ef2e510d19d1e9ef31635f85c798dad395c26d4
tree de4103d006056558f672793873f6ae7dba25556f /doc/source
parent 89ec136e5a92e9d7f309b8b5e33a04782b548b1c
Update config options
The config options in the architecture page needed to be updated. This includes new values and correct text for old values. We also note in the code that the revocation event list is only valid for PKI tokens.

Change-Id: Ib98d3de771d88feea72ea9598d094b77cde6093e
Diffstat (limited to 'doc/source')
-rw-r--r-- doc/source/middlewarearchitecture.rst 35
1 files changed, 30 insertions, 5 deletions
diff --git a/doc/source/middlewarearchitecture.rst b/doc/source/middlewarearchitecture.rst
index fa59e66..9317df4 100644
--- a/doc/source/middlewarearchitecture.rst
+++ b/doc/source/middlewarearchitecture.rst
@@ -222,8 +222,12 @@ a WSGI component. Example for the auth_token middleware:
# (integer value)
#token_cache_time=300
- # Value only used for unit testing (integer value)
- #revocation_cache_time=1
+ # Determines the frequency at which the list of revoked tokens
+ # is retrieved from the Identity service (in seconds). A high
+ # number of revocation events combined with a low cache duration
+ # may significantly reduce performance. Only valid for PKI tokens.
+ # (integer value)
+ #revocation_cache_time = 10
# (optional) if defined, indicate whether token data should be
# authenticated or authenticated and encrypted. Acceptable
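Review bot: The new comment for revocation_cache_time describes only the performance cost of a low value and says nothing about what a high value costs. As worded, the option sets how often the list of revoked tokens is retrieved, so a revocation may not reach the middleware until the next retrieval; a sentence on that trade-off would keep operators from raising the value for performance alone. Minor style point: `#revocation_cache_time = 10` has spaces around `=` while the neighbouring `#token_cache_time=300` does not, so the sample should settle on one form.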
@@ -256,9 +260,30 @@ a WSGI component. Example for the auth_token middleware:
# value)
#enforce_token_bind=permissive
- # The plugin used for authentication, such as password, token (string
- # value)
- #auth_plugin=password
+ # If true, the revocation list will be checked for cached
+ # tokens. This requires that PKI tokens are configured on the
+ # identity server.
+ # (boolean value)
+ #check_revocations_for_cached = false
+
+ # Hash algorithms to use for hashing PKI tokens. This may be a
+ # single algorithm or multiple. The algorithms are those supported
+ # by Python standard hashlib.new(). The hashes will be tried in the
+ # order given, so put the preferred one first for performance. The
+ # result of the first hash will be stored in the cache. This will
+ # typically be set to multiple values only while migrating from a
+ # less secure algorithm to a more secure one. Once all the old
+ # tokens are expired this option should be set to a single value
+ # for better performance. (list value)
+ #hash_algorithms = md5
+
+ # Authentication type to load (unknown value)
+ # Deprecated group/name - [DEFAULT]/auth_plugin
+ #auth_type = <None>
+
+ # Config Section from which to load plugin specific options
+ # (unknown value)
+ #auth_section = <None>
If the ``auth_plugin`` configuration option is set, you may need to refer to
the `Authentication Plugins <http://docs.openstack.org/developer/
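Review bot: The unchanged paragraph right after this hunk still begins "If the ``auth_plugin`` configuration option is set", but the hunk removes `#auth_plugin=password` and lists `auth_plugin` only as the deprecated name for `auth_type`; that sentence should be updated to refer to `auth_type`, mentioning the old name if needed. Also, the `hash_algorithms` comment talks about migrating from a less secure algorithm to a more secure one while the sample shows `md5` alone; a short multi-value example, preferred algorithm first, would make the migration guidance concrete. The "(unknown value)" type on `auth_type` and `auth_section` gives the reader no information and would be better replaced with the option's actual type.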