Auth plugins hard code the "method" that is used to name them in the config file. This prevents reuse, and forces a new Plugin for each mod_auth mechanism in Apache HTTPD. Since there is already a handful of "external" plugins, we will have a cross-preoduct of auth plugins; one for each mechanism X mapping scheme. This was discussed at the Hackathon From: https://etherpad.openstack.org/p/keystone-juno-hackathon Remove method name from auth plugins (so the method name is owned by keystone.conf) One place where this shows up is that the "kerberos" method requires a new AuthPlugin for existing functionality, such as using the Default Domain. The same is true for SAML, or OpenID connect.
This has been fixed since GA of Red Hat Enterprise Linux OpenStack Platform 6.