[openstack-dev] Move keypair management out of Nova and into Keystone?

Mauro S M Rodrigues maurosr at linux.vnet.ibm.com
Mon Jul 1 16:23:44 UTC 2013

+1.. make sense to me, I always thought that was weird hehe
Say the word and we will remove it from v3.

On 07/01/2013 01:02 PM, Russell Bryant wrote:
> On 07/01/2013 11:47 AM, Jay Pipes wrote:
>> Recently a colleague asked me whether their key pair from one of our
>> deployment zones would be usable in another deployment zone. His
>> identity credentials are shared between the two zones (we use a shared
>> identity database) and was wondering if the key pairs were also shared.
>> I responded that no, they were not, because Nova, not Keystone, manages
>> key pairs. But that got me thinking.... is it time to change this?
>> Key pairs really are an element of identity/authentication, and not
>> specific to OpenStack Compute. Has there been any talk of moving the key
>> pair management API out of Nova and into Keystone?
> I haven't heard any talk about it, but it does seem to make sense.

More information about the OpenStack-dev mailing list