Ask Your Question

authorization failed (keystone logs)

asked 2015-07-30 22:14:03 -0500

celius202 gravatar image


Occasionally keystone logs shows

DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth context. process_request /usr/lib/python2.7/site-packages/keystone/middleware/
INFO keystone.common.wsgi [-] POST /tokens?
WARNING keystone.common.wsgi [-] Authorization failed. Invalid user / password (Disable debug mode to suppress these details.) (Disable debug mode to suppress these details.) from

I really wonder who causes this problem and want to know how to fix it. Anyone help?

edit retag flag offensive close merge delete


You are running keystone in debug set to true so you may see a lot more than you need to. Is this halting you from doing anything, have you possibly changed a password for a service account or left a script running with bad creds maybe. Try looking at the line of code it's referencing.

omar-munoz gravatar imageomar-munoz ( 2015-07-31 11:42:44 -0500 )edit

@Omar, do you recommend a solution to this issue ? I have been facing it for the past three days ...

SyCode7 gravatar imageSyCode7 ( 2016-04-12 06:41:43 -0500 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2015-08-25 23:50:54 -0500

jianzj gravatar image

From log content, it has been shown that "Invalid user / password", and in source code, you could find logic in ./keystone/identity/backends/ , this problem may be your user does not exist or your password is not correct.

I have one suggestion, suppose your keystone service works well.

You could use ADMIN_TOKEN to check if this user does exist. ADMIN_TOKEN is in the configuration file, "/etc/keystone/keystone.conf", and you could get it from "admin_token" , if it is commented, please remove the comment to enable it.

Then , I suppose you could use python-openstackclient, run command : openstack --os-token $admin_token --os-url http://$IP:5000/v3 --os-identity-api-version 3 user list

to check .

If this user does exist, you could also use admin token to reset this password, to run command openstack --os-token $admin_token --os-url http://$IP:5000/v3 --os-identity-api-version 3 user set

There are some parameters that need to be set, you could run "openstack help user set" for help.

Or you just recreate a new user.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-07-30 22:14:03 -0500

Seen: 1,815 times

Last updated: Aug 25 '15