> -----Original Message----- > From: rohityada...@gmail.com [mailto:rohityada...@gmail.com] On Behalf > Of Rohit Yadav > Sent: 04 April 2013 2:52 PM > To: dev@cloudstack.apache.org > Cc: cloudstack-...@incubator.apache.org > Subject: Re: CloudStack UI Authentication Mechanism > > On Thu, Apr 4, 2013 at 4:50 PM, Donal Lafferty > <donal.laffe...@citrix.com>wrote: > > > I noticed that the CloudStack UI allows VM control to accounts that > > don't have an API key set defined. > > > > How does its authentication mechanism work? E.g. > > > > > > 1. How are API calls authenticated and authorized if they > > are not signed with API keys? > > > > On integration port, defined in the global settings, 8096 generally there is > no > authentication done, user is admin has max. power. > [Donal Lafferty] Okay, but the UI doesn't usually go over 8096. How does it work when its not bypassing authentication?
> > > > > 2. Does this work equally well when LDAP is to > > authenticate username / password? > > > > Abhi can comment on this one. > > Cheers. > > > > > > > > DL > > > > > >