>
>Hello folks,
>
>I was wondering if you let me know if enabling keystone to listen on public
>interface for ports 5000 and 35357 is considered as a normal practice. Example
>if a customer wants to authenticate not via horizon or some other proxy but
>setting up OS_AUTH_URL=http://blah
On 04/13/2016 07:46 PM, Serguei Bezverkhi (sbezverk) wrote:
> Hello folks,
>
> I was wondering if you let me know if enabling keystone to listen on public
> interface for ports 5000 and 35357 is considered as a normal practice.
> Example if a customer wants to authenticate not via horizon or
Serguei,
You should check with your security team. Normally, they will have a strong
opinion on this configuration. In many cases, the public interfaces is the one
enabled SSL and the internal one is not and indeed is a common practice.
Edgar
On 4/13/16, 7:46 PM, "Serguei Bezverkhi
