Comment 1 for bug 1563454

There is pretty good reasoning for having it enabled by default for v3 (it can't be disabled for v2, as documented in the following link), and we already have docs on how to enable it:

  http://docs.openstack.org/developer/keystone/external-auth.html#configuration

I'm not sure we can reasonably deprecate it, because I'd wager it's used quite heavily in some deployments.

All that said, perhaps we should be documenting that it should be explicitly disabled if you're using federation?