[openstack-dev] Move keypair management out of Nova and into Keystone?
Jay Pipes
jaypipes at gmail.com
Mon Jul 1 15:47:59 UTC 2013
Recently a colleague asked me whether their key pair from one of our
deployment zones would be usable in another deployment zone. His
identity credentials are shared between the two zones (we use a shared
identity database) and was wondering if the key pairs were also shared.
I responded that no, they were not, because Nova, not Keystone, manages
key pairs. But that got me thinking.... is it time to change this?
Key pairs really are an element of identity/authentication, and not
specific to OpenStack Compute. Has there been any talk of moving the key
pair management API out of Nova and into Keystone?
Thanks!
-jay
More information about the OpenStack-dev
mailing list