Re: [openstack-dev] extending keystone identity

Mon, 27 Jan 2014 19:06:47 -0800 

Dolph, I appreciate the response and pointing me in the right direction.
Here's what I have so far:
<imports here>







CONF = config.CONF
LOG = logging.getLogger(__name__)


class Identity(identity.Driver):
    def __init__(self):
        super(Identity, self).__init__()
        LOG.debug('My authentication module loaded')


    def authenticate(self, user_id, password, domain_scope=None):
        LOG.debug('in authenticate method')
When I request a user-list via the python-keystoneclient, we never make it into 
the authenticate method (as is evident by the missing debug log).
Any thoughts on why I'm not hitting this method?

From: dolph.math...@gmail.com
Date: Mon, 27 Jan 2014 18:14:50 -0600
To: openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] extending keystone identity

_check_password() is a private/internal API, so we make no guarantees about 
it's stability. Instead, override the public authenticate() method with 
something like this:
    def authenticate(self, user_id, password, domain_scope=None):

        if user_id in SPECIAL_LIST_OF_USERS:           # compare against value 
from keystone.conf           pass        else:            return 
super(CustomIdentityDriver, self).authenticate(user_id, password, domain_scope)


On Mon, Jan 27, 2014 at 3:27 PM, Simon Perfer <simon.per...@hotmail.com> wrote:





I'm looking to create a simple Identity driver that will look at usernames. A 
small number of specific users should be authenticated by looking at a 
hard-coded password in keystone.conf, while any other users should fall back to 
LDAP authentication.


I based my original driver on what's found here:
http://waipeng.wordpress.com/2013/09/30/openstack-ldap-authentication/


As can be seen in the github code 
(https://raw.github.com/waipeng/keystone/8c18917558bebbded0f9c588f08a84b0ea33d9ae/keystone/identity/backends/ldapauth.py),
 there's a _check_password() method which is supposedly called at some point.


I've based my driver on this ldapauth.py file, and created an Identity class 
which subclasses sql.Identity. Here's what I have so far:








CONF = config.CONF
LOG = logging.getLogger(__name__)


class Identity(sql.Identity):
    def __init__(self):
        super(Identity, self).__init__()
        LOG.debug('My authentication module loaded')




    def _check_password(self, password, user_ref):
        LOG.debug('Authenticating via my custom hybrid authentication')


        username = user_ref.get('name')
























        LOG.debug('Username = %s' % username)


I can see from the syslog output that we never enter the _check_password() 
function.

Can someone point me in the right direction regarding which function calls the 
identity driver? Also, what is the entry function in the identity drivers? Why 
wouldn't check_password() be called, as we see in the github / blog example 
above?


THANKS!                                           

_______________________________________________

OpenStack-dev mailing list

OpenStack-dev@lists.openstack.org

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev





_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev               
                          
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to