Comment 5 for bug 1643422

Jamie Lennox (jamielennox) wrote :

This is how auth_token middleware has worked for a while now. It uses the auth_url to authenticate with keystone and then the keystone url is determined from the catalog returned with the glance user's token.

auth_uri is unfortunately named but ends up in headers of 401 messages telling users where to go to authenticate.

Any situation where keystone.example.org is in your service catalog is going to/should end up with a broken cloud.