On 09/04/2012 09:36 AM, boden wrote: > Hi, > > I'm trying to better understand the current status of PKI > (http://wiki.openstack.org/PKI) and delegated authZ from a folsom > perspective. I can see the blueprint targets folsom-rc1, is marked as > implemented (https://blueprints.launchpad.net/keystone/+spec/pki) and > I've browsed some of the related code dropped into master. > > However its not clear to me exactly where this PKI support stands as I > haven't found any docs on setting up the services to use it, nor am I > seeing PKI based tokens used when I run with the latest keystone code. > > Is it safe to assume PKI will be supported for folsom and we will see > some updated docs in due time? If so will there be any known limitations? > > Thx much > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack at lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp The PKI token code is very new. As such, It has not been enabled by default. There are changes that have gone in to the master branch that are not available on Folsom 3 that are necessary to the proper functioning of PKI. I wrote to the Fedora cloud mailing list a quicjk blurb on testing them. http://www.spinics.net/linux/fedora/fedora-cloud/msg01644.html I will write up some more detailed steps for general usage.