[Openstack] Radius scalability

Van Leeuwen, Robert rovanleeuwen at ebay.com
Wed Apr 19 11:23:40 UTC 2017


>Hi Robert,
>
> I saw your proposal about keystone middleware
>for Radius and OpenStack integration from the last year’s discussion,
>
>do you know about the progress in this area,
>maybe someone has already done the scalability evaluation?
>
>My idea atm is to use Radius with TripleO.

Hi Nikolay,

I guess you are referencing this reply I gave at some point?

> You can write your own keystone middleware to authenticate with.
> There is a nice doc about that here:
> http://docs.openstack.org/developer/keystone/external-auth.html
>
> Note that if you use external_auth as in the example it will only take over the authentication:
> The user will still need to exist in keystone and roles need to be assigned in the keystone backend.
>
> For a "fully integrated" solution you will have to look at LDAP afaik.

As I mentioned you can build your own login integration if you are comfortable with python.
The login integration part is super easy, just set a REMOTE_USER if an authentication succeeded.
The hard part is managing the users/groups in keystone.
You will need to write some kind of sync creating users/tenants and giving/revoking appropriate access in keystone.
I am not sure if anybody made this for radius and would be willing to share that.

You might also want to search for/ look at keystone federation.

Cheers,
Robert van Leeuwen
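
The REMOTE_USER step described in the message above, as an added example that is not part of the original post or of keystone's own code: a WSGI middleware that sets REMOTE_USER only after its own credential check succeeds and drops any identity that was already present. Assumptions: credentials arrive as HTTP Basic auth, this middleware is the only authenticator in the pipeline, and `check_credentials` is a hypothetical callable that would wrap the RADIUS Access-Request; the class and function names are invented for illustration.

```python
import base64
import binascii


class RadiusRemoteUser:
    """WSGI middleware: set REMOTE_USER only after our own check succeeds."""

    def __init__(self, app, check_credentials):
        # check_credentials(username, password) -> bool is a hypothetical
        # callable standing in for a RADIUS Access-Request round trip.
        self.app = app
        self.check = check_credentials

    def __call__(self, environ, start_response):
        # Drop any identity already present so that only this check can
        # assert one (assumes no other authenticator sits in front).
        environ.pop("REMOTE_USER", None)
        environ.pop("HTTP_REMOTE_USER", None)
        creds = self._basic_credentials(environ.get("HTTP_AUTHORIZATION", ""))
        if creds and self.check(*creds):
            environ["REMOTE_USER"] = creds[0]
        # On failure the request continues without REMOTE_USER; the
        # application behind us then sees no external identity.
        return self.app(environ, start_response)

    @staticmethod
    def _basic_credentials(header):
        scheme, _, token = header.partition(" ")
        if scheme.lower() != "basic" or not token:
            return None
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return None  # malformed header: treat as unauthenticated
        user, sep, password = decoded.partition(":")
        return (user, password) if sep and user else None


def demo_identity(headers, check):
    """Run one constructed request through the middleware; return REMOTE_USER."""
    seen = {}

    def app(environ, start_response):
        seen["user"] = environ.get("REMOTE_USER")
        start_response("200 OK", [])
        return [b""]

    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": "/v3/auth/tokens", **headers}
    RadiusRemoteUser(app, check)(environ, lambda status, hdrs: None)
    return seen["user"]
```

The username placed in REMOTE_USER still has to exist in keystone with roles assigned, which is the sync work the message calls the hard part.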