[openstack-dev] Move keypair management out of Nova and into Keystone?

Joe Gordon joe.gordon0 at gmail.com
Mon Jul 1 17:07:46 UTC 2013

We should not remove it from the v3 API until we know this will be
supported by keystone in Havana.


sent on the go
On Jul 1, 2013 6:25 PM, "Mauro S M Rodrigues" <maurosr at linux.vnet.ibm.com>

> +1.. make sense to me, I always thought that was weird hehe
> Say the word and we will remove it from v3.
> On 07/01/2013 01:02 PM, Russell Bryant wrote:
>> On 07/01/2013 11:47 AM, Jay Pipes wrote:
>>> Recently a colleague asked me whether their key pair from one of our
>>> deployment zones would be usable in another deployment zone. His
>>> identity credentials are shared between the two zones (we use a shared
>>> identity database) and was wondering if the key pairs were also shared.
>>> I responded that no, they were not, because Nova, not Keystone, manages
>>> key pairs. But that got me thinking.... is it time to change this?
>>> Key pairs really are an element of identity/authentication, and not
>>> specific to OpenStack Compute. Has there been any talk of moving the key
>>> pair management API out of Nova and into Keystone?
>> I haven't heard any talk about it, but it does seem to make sense.
> ______________________________**_________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.**org <OpenStack-dev at lists.openstack.org>
> http://lists.openstack.org/**cgi-bin/mailman/listinfo/**openstack-dev<http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130701/99300a15/attachment.html>

More information about the OpenStack-dev mailing list