On 03/31/2015 08:06 PM, Mathieu Gagné wrote:
Hi,

Let's say I wish to use an existing enterprise LDAP service to manage my
OpenStack users so I only have one place to manage users.

How would you manage authentication and credentials from a security
point of view? Do you tell your users to use their enterprise
credentials or do you use another method/credentials?

The reason is that (usually) enterprise credentials also give access to
a whole lot of systems other than OpenStack itself. And it goes without
saying that I'm not fond of the idea of storing my password in plain
text to be used by some scripts I created.

What's your opinion/suggestion? Do you guys have a second credential
system solely used for OpenStack?

Better options are to use Kerberos or X509 Client cert driven off your Directory account.

SAML for SSO to Keystone is also viable.

You can do S4U2 Proxy to talk to Horizon and get a token for the user indirectly.


_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
