Bug 1126865

Summary: Cannot Use existing auth plugins with new methods
Product: Red Hat OpenStack Reporter: Nathan Kinder <nkinder>
Component: openstack-keystoneAssignee: Adam Young <ayoung>
Status: CLOSED CURRENTRELEASE QA Contact: Mike Abrams <mabrams>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 5.0 (RHEL 6)CC: aberezin, ajeain, ayoung, rhos-flags, yeylon
Target Milestone: z3Keywords: TestOnly, ZStream
Target Release: 6.0 (Juno)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-04-08 17:30:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1126594    

Description Nathan Kinder 2014-08-05 13:35:10 UTC
Auth plugins hard code the "method" that is used to name them in the config file. This prevents reuse, and forces a new Plugin for each mod_auth mechanism in Apache HTTPD. Since there is already a handful of "external" plugins, we will have a cross-preoduct of auth plugins; one for each mechanism X mapping scheme.

This was discussed at the Hackathon

From: https://etherpad.openstack.org/p/keystone-juno-hackathon

Remove method name from auth plugins (so the method name is owned by keystone.conf)

One place where this shows up is that the "kerberos" method requires a new AuthPlugin for existing functionality, such as using the Default Domain. The same is true for SAML, or OpenID connect.

Comment 4 Lon Hohberger 2015-04-08 17:30:29 UTC
This has been fixed since GA of Red Hat Enterprise Linux OpenStack Platform 6.