Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

I can see how that is a bit confusing.

Keystone has two ways of authenticating.

  • The first one uses the traditional username/password combination:

keystone --os-username <auth-user-name> --os-password <auth-password> --os-tenant-name <auth-tenant-name> --os-auth-url <auth-url>

  • The second one authenticates with a token. Technically it is bypassing authentication entirely. It is typically used to setup the initial users and for recovery purposes:

keystone --os-token <service-token> --os-endpoint <service-endpoint>

Notice auth-url is used for the username/password/tenant, while endpoint is paired with the token authentication.