Exactly 從我的 iPhone 傳送
Brian Ipsen <brian.ip...@ryesgade47c.dk> 於 2013/1/21 下午4:55 寫道: > Hi, > > Just to clear things up: > > I am still trying to figure out how the different components interact, and > exactly what the different parameters on the keystone command does. Once I > get that understanding, things will probably be much easier J > [Reply] > Yes , that's the keypoint. You must understand the workflow. > My assumption is your proxy pipline is using tokenauth and keystone even > swift-auth . > The full request workflow is : > client send username/password --> keystone verify it --> return token and > service(swift) url to client --> client use returned url and token to > swift-proxy --> proxy verify the token by asking keystone immediately ---> > keystone confirmed it with several information includes role etc. --> the > request pass the token-auth filter --> check the role with swift-auth > middleware --> do the operation for user --> returned the result(status) > > So the client contacts the keystone server first(directly) - on the URL it is > listening on (NAT'ed from public network)? Keystone returns tokenand service > URL - and then the client connects to the proxy using the token ? > > Regards > Brian >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp