Keystone has the opportunity to work as an SSO there was a project on that and does have a plugin for LDAP not sure if this is something you are looking for. Also not sure if the SSO is on hold or still under dev.
Remo Inviato da iPhone () > Il giorno Jan 21, 2014, alle ore 5:58, Joe Topjian <j...@topjian.net> ha > scritto: > > Hello, > > One of the new features advertised in the Havana release of Keystone was > external authentication via REMOTE_USER. I'm beginning to assume that I > should take that at face value: Keystone has external auth, but that's it. > OpenStack as a whole cannot currently utilize it. > > Is this an incorrect assumption? > > For example, I set up Keystone behind Apache just like the developer docs > say. Everything worked. > > Now I wanted to test external authentication. Just for practice, I tried http > basic auth. I was successful in obtaining a token: > > curl --user joe:foobar -d '{"auth":{}}' -H "Content-type: application/json" > http://localhost:5000/v2.0/tokens > > But I don't think it's possible to use the command line tools (nova, glance > et al) to work with a single token. I also don't see how Horizon can utilize > an http-auth protected Keystone without modification. > > Am I wrong? If so, can someone point me to, at least, a proof of concept if > not a production example? > > Is it correct to say that if I want Keystone to authenticate users against an > unsupported/custom database while still retaining compatibility with all > other OpenStack components, then I should write a custom backend such as > described here: > > https://thestaticvoid.com/post/2013/06/04/customizing-the-openstack-keystone-authentication-backend/ > > > Thanks, > Joe > !DSPAM:1,52de8124286791426485421! > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > !DSPAM:1,52de8124286791426485421!
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack