Short answer: yes. There are two types of token_format options available, PKI and UUID.
UUID tokens result in increased network chatter as they must be validated remotely, whereas PKI tokens are big, self-signed, and can be validated offline. You can choose which format you'd like by setting keystone.conf [TOKEN] token_format (PKI is the default). On Saturday, April 13, 2013, Daniel Ellison wrote: > On 2013-04-13, at 5:24 PM, Dolph Mathews > <dolph.math...@gmail.com<javascript:;>> > wrote: > > Hmm, well it looks like you already have debug enabled, which is > indicating that the username + password combination is bad (if debug was > disabled, you'd get a much more opaque error message). The tenant name you > specified would not have been checked yet. If 'admin' appears in your > keystone user-list, then the password is definitely wrong. > > Success! I deleted the admin user and then recreated it using a new, > unique password. I removed OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT from my > environment. Then I did 'keystone token-get' and got a proper response! > > Thanks so much for the suggestion, Dolph. One further question: Is the > "id" part of the received token supposed to be ridiculously long? I got an > id that is 836 characters long! The examples in "Verifying the Identity > Service Installation" are the same length as the user_id: 32 characters. I > just want to be sure everything is working as it should. > > Thanks, > Daniel > > > -- -Dolph
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp