Correct the config default for delay_auth_decision

Updated proxy-server.conf-sample with the correct default. Also
updated the note on the overview-auth doc page.

Change-Id: I5cd62a7a118a28f7b58f47b8d8d4d963f6bc7347

doc/source/overview_auth.rst

@@ -161,6 +161,7 @@ add the configuration for the authtoken middleware::
   auth_uri = http://keystonehost:5000/
   cache = swift.cache
   include_service_catalog = False
+  delay_auth_decision = True
 
 The actual values for these variables will need to be set depending on
 your situation, but in short:
@@ -187,10 +188,10 @@ your situation, but in short:
 
 .. note::
 
-    If support is required for unvalidated users (as with anonymous
-    access or making capabilities requests using :ref:`discoverability`) or
-    for tempurl/formpost middleware, authtoken will need
-    to be configured with delay_auth_decision set to 1.
+    The authtoken config variable ``delay_auth_decision`` must be set to
+    ``True``. The default is ``False``, but that breaks public access,
+    :ref:`staticweb`, :ref:`formpost`, :ref:`tempurl`, and authenticated
+    capabilities requests (using :ref:`discoverability`).
 
 and you can finally add the keystoneauth configuration::
 

etc/proxy-server.conf-sample

@@ -272,7 +272,12 @@ user_test_tester3 = testing3
 # admin_tenant_name = service
 # admin_user = swift
 # admin_password = password
-# delay_auth_decision = 1
+#
+# delay_auth_decision defaults to False, but leaving it as false will
+# prevent other auth systems, staticweb, tempurl, formpost, and ACLs from
+# working. This value must be explicitly set to True.
+# delay_auth_decision = False
+#
 # cache = swift.cache
 # include_service_catalog = False
 #