<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 05/19/2016 07:40 AM, Rodrigo Duarte
wrote:<br>
</div>
<blockquote
cite="mid:CAAJsUK+6hhgzW5s5rCCpGTxB5PCBfyyFGzV78_GFUn28DVhetQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>Hi,<br>
<br>
</div>
So you are trying to use keystone to authorize your users, but
want to avoid having to authenticate via keystone, right?<br>
<br>
</div>
Check if the Federated Identity feature [1] covers your use
case.<br>
<br>
[1] <a moz-do-not-send="true"
href="http://docs.openstack.org/security-guide/identity/federated-keystone.html">http://docs.openstack.org/security-guide/identity/federated-keystone.html</a><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, May 19, 2016 at 8:27 AM,
OpenStack Mailing List Archive <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:corpqa@gmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:corpqa@gmail.com">corpqa@gmail.com</a></a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Link: <a moz-do-not-send="true"
href="https://openstack.nimeyo.com/85057/?show=85057#q85057"
target="_blank">https://openstack.nimeyo.com/85057/?show=85057#q85057</a><br>
From: imocha <<a moz-do-not-send="true"
href="mailto:Imocha@gmail.com" target="_blank">Imocha@gmail.com</a>><br>
<br>
<p>I have to call the keystone APIs and want to use the
windows authentication using Active Directory. Keystone
provides integration with AD at the back end. To get the
initial token to use OpenStack APIs, I need to pass user
name and password in the keystone token creation api. </p>
<p>Since I am already logged on to my windows domain, is
there any way that I can get the token without passing
the password in the api.</p>
</blockquote>
</div>
</div>
</div>
</blockquote>
Yes, use SSSD and Mod_Lookup_Identity:<br>
<br>
<a class="moz-txt-link-freetext" href="https://adam.younglogic.com/2014/05/keystone-federation-via-mod_lookup_identity/">https://adam.younglogic.com/2014/05/keystone-federation-via-mod_lookup_identity/</a><br>
<br>
<br>
<blockquote
cite="mid:CAAJsUK+6hhgzW5s5rCCpGTxB5PCBfyyFGzV78_GFUn28DVhetQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage
questions)<br>
Unsubscribe: <a moz-do-not-send="true"
href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe"
rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"
rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><font color="#666666">Rodrigo
Duarte Sousa<br>
</font></div>
<div><font color="#666666">Senior Quality
Engineer @ Red Hat<br>
</font></div>
<div dir="ltr">
<div>
<div><span
style="color:rgb(102,102,102)">MSc</span><span
style="color:rgb(102,102,102)"></span><span
style="color:rgb(102,102,102)"> in
Computer Science</span><br>
<font color="#3333ff"><a
moz-do-not-send="true"
href="http://rodrigods.com"
target="_blank"><a class="moz-txt-link-freetext" href="http://">http://</a><font
color="#3333ff">rodrigods.com</font></a></font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: <a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>