Public bug reported:
The keystone-manage bootstrap command is intended to supersede the
admin_token middleware. However, one of the common use cases for the
admin_token middleware was to provide a recovery mechanism for cloud
operators that had accidentally disabled themselves or lost their
password.
However, even after attempting to "re-bootstrap" an existing admin with
a known password (effectively performing a password reset), the admin is
still not able to authenticate. The same is true if the admin was
disabled.
This was originally reported in #openstack-ansible by odyssey4me:
[Fri 09:29] <odyssey4me> dolphm lbragstad is keystone-manage bootstrap meant to
skip the bootstrap if there are already settings in place? what is the right
way to fix up creds that are lost somehow for the keystone admin?
[Fri 09:30] <dolphm> odyssey4me: bootstrap should be idempotent, but i don't
think it'll change an admin's password if you specify something different
[Fri 09:31] <odyssey4me> dolphm so the options are, I guess, to delete the
admin account in the db or to use the auth_token middleware?
** Affects: keystone
Importance: Undecided
Assignee: Dolph Mathews (dolph)
Status: In Progress
** Affects: keystone/mitaka
Importance: Undecided
Status: New
** Tags: mitaka-backport-potential
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1588860
Title:
keystone-manage bootstrap cannot recover admin account
Status in OpenStack Identity (keystone):
In Progress
Status in OpenStack Identity (keystone) mitaka series:
New
Bug description:
The keystone-manage bootstrap command is intended to supersede the
admin_token middleware. However, one of the common use cases for the
admin_token middleware was to provide a recovery mechanism for cloud
operators that had accidentally disabled themselves or lost their
password.
However, even after attempting to "re-bootstrap" an existing admin
with a known password (effectively performing a password reset), the
admin is still not able to authenticate. The same is true if the admin
was disabled.
This was originally reported in #openstack-ansible by odyssey4me:
[Fri 09:29] <odyssey4me> dolphm lbragstad is keystone-manage bootstrap meant
to skip the bootstrap if there are already settings in place? what is the right
way to fix up creds that are lost somehow for the keystone admin?
[Fri 09:30] <dolphm> odyssey4me: bootstrap should be idempotent, but i don't
think it'll change an admin's password if you specify something different
[Fri 09:31] <odyssey4me> dolphm so the options are, I guess, to delete the
admin account in the db or to use the auth_token middleware?
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1588860/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
