[openstack-dev] Keystone authZ/N options
Dolph Mathews
dolph.mathews at gmail.com
Thu Feb 14 04:55:44 UTC 2013
On Wed, Feb 13, 2013 at 10:09 PM, Nathanael Burton <
nathanael.i.burton at gmail.com> wrote:
>
> On Feb 13, 2013 8:07 PM, "Rick Richardson" <rick.richardson at gmail.com>
> wrote:
> >
> > The docs on keystone mention that Keystone can support 2-way SSL. Does
> this mean between keystone and a service? or Keystone and a user? If it is
> to a user, what is the criteria by which it validates the user's cert?
>
> The docs here describe setting up external auth to use client cert
> information for the authentication:
>
> http://docs.openstack.org/developer/keystone/external-auth.html
>
> >
> > Also, would something like this be compatible with LDAP to indicate
> role/tenancy membership?
> >
> > Speaking of LDAP, the docs seem rather light, has anyone successfully
> used it in production? I saw Adam Young's post from a year ago which seems
> promising. Is it going to be supported going forward?
> >
>
Yes, CERN uses it against an existing AD infrastructure, for example. The
best documentation AFAIK is probably keystone.conf.sample, which has some
reasonable defaults for LDAP to get you going.
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130213/2cb60a13/attachment.html>
More information about the OpenStack-dev
mailing list