On Thu, Jun 20, 2013 at 9:47 PM, Adam Young ayo...@redhat.com wrote:
PKI based Tokens can be verified without talking to Keystone. See the
auth_token middleware and cms.py files in python-keystoneclient to see how
that is done.
I will look into it. Thanks a lot!
Hi,
I'm new to OpenStack. I'm looking at deploying two 3rd party services along
OpenStack and would like to use Keystone for they authentication mechanism.
Service A will authenticate and get a token from keystone and use it for
REST requests to service B. Those two services don't use WSGI, just
AFAIK, that is right we need admin privileges to check validity.
Other thing which is surprising, if a service creates a token.. it requires
admin privileges to delete that token. I would not expect all services to
be aware of admin credentials.
Thanks,
-Ravi.
On Thu, Jun 20, 2013 at 12:36 PM,
Thanks Ravi and Haitao.
The only workaround I found is to create a new token from the one I
want to validate with:
curl -X POST -d '{ auth:{ token:{ id:non-admin-token },
tenantName:testproject }}' -H Content-Type:application/json -H
Accept: application/json http://localhost:5000/v2.0/tokens |
We are moving to an RBAC system for enforcing access to the APIs. So,
where as in the past we enforced is admin when checking a token, in
the future, you can specify your own policy rule.
PKI based Tokens can be verified without talking to Keystone. See the
auth_token middleware and cms.py
5 matches
Mail list logo