Comment 8 for bug 1522616

Lance Bragstad (lbragstad) wrote :

We discussed this a bit in the #openstack-keystone channel [0].

We can do one of two things, as a result of that conversation.

1.) We can continue with a way to make sure the default domain specified in the configuration file can't be disabled.

2.) We allow the disablement of the default domain, knowing and advertising that this will break the entire v2.0 API. The workaround can be added to re-enable the default domain, and this would have to live within the keystone-manage functionality. Something like `keystone-manage enable_default_domain` or whatever. This wouldn't be tied to authentication, because at the point where the default domain has been disabled, you won't be able to re-enable it operating within that domain.

Thoughts on these two options?

[0] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2016-01-06.log.html#t2016-01-06T21:08:57