Ask Your Question

Keystone user-list authentication error. [closed]

asked 2014-08-10 15:09:41 -0600

bcstodds gravatar image

updated 2014-08-11 01:39:04 -0600


I am running through the OpenStack lab for running openstack on a virtual machine and have run into an issue that I can't seem to get past.

I am following this guide: (

And am currently in this section: ( On the last step for setting up Keystone.

At this point I have been able to follow all of the steps in the guide without issue, and used the and that can be found here: (

At this point though, when I run the command 'keystone user-list' I get the output:

root@compute:/home/<username># keystone user-list

The request you have made requires authentication. (HTTP 401)

I'm not sure why I am having authentication issues though since I have sourced a file with the username and password that I have set up so far (as described in the guide).

Is there something obvious I am missing so far?



EDIT (debug content without usernames or passwords):

<username>@compute:~/openstack-config$ keystone --debug user-list

REQ: curl -i -X POST -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient"

REQ BODY: {"auth": {"tenantName": "<username>", "passwordCredentials": {"username": "<username>", "password": "<password>"}}}

RESP: [401] CaseInsensitiveDict({'date': 'Mon, 11 Aug 2014 06:25:19 GMT', 'vary': 'X-Auth-Token', 'content-length': '114', 'content-type': 'application/json'})

RESP BODY: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

Request returned failure status: 401

The request you have made requires authentication. (HTTP 401)

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by bcstodds
close date 2014-08-12 11:36:41.615544

1 answer

Sort by ยป oldest newest most voted

answered 2014-08-11 00:47:15 -0600

Try keystone --debug user-list and copy paste the output. Without debug info, it is difficult to guess. I don't think user-list is exposed on port 5000, you should use port 35357thy

edit flag offensive delete link more


Editing my main post since I can't copy all the text into a comment. It still seems to be just an authentication error, but authentication should be covered via sourcing the credentials as in the tutorial I've been following.

I'm not sure what changes I'd have to make to the posted guide to fix it.

bcstodds gravatar imagebcstodds ( 2014-08-11 01:31:45 -0600 )edit

Editing the port number in the URL in the credentials file and resourcing doesn't change the output of the command I've run either (aside from the port in the post request being 35357 as suggested.

bcstodds gravatar imagebcstodds ( 2014-08-11 01:38:06 -0600 )edit
Look at keystone.log for exact details. Most probably  you don't have that credentials created in the data base.
Login to mysql and check whether the user , tenant table have respective user and tenant. Also check whether there is a role association between user and tenant. You can check this in roles table.

MySql credentials will be in keystone.conf. Its default location is /etc/keystone/keystone.conf.

Your request is failing during token-get. Port 35357  is required only for user-list which  is called only if you get a valid token.

Alternate way:
keystone.conf  will have ADMIN token. Enable that config setting and restart keystone. Then set the env varaible OS_SERVICE_TOKEN =<admin token="" valie="" from="" keystone.conf="">.  Then try keystone user-list. This bypasses authentication. So if you have users created, it will list them
Haneef Ali gravatar imageHaneef Ali ( 2014-08-11 02:04:24 -0600 )edit

Making the request only adds one line to the log, which is:

2014-08-11 12:30:57.742 1641 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from

I'll give your alternative a try also.

bcstodds gravatar imagebcstodds ( 2014-08-11 11:31:26 -0600 )edit

That produces the message:

Expecting an endpoint provided via either --os-endpoint or env[OS_SERVICE_ENDPOINT]

Which I would think would be covered by from the tutorial.

bcstodds gravatar imagebcstodds ( 2014-08-11 12:23:02 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-08-10 14:36:37 -0600

Seen: 7,118 times

Last updated: Aug 11 '14