Bug 987684

Summary: [RFE] Keystone with Kerberos authentication
Product: Red Hat OpenStack Reporter: Adam Young <ayoung>
Component: openstack-keystoneAssignee: Adam Young <ayoung>
Status: CLOSED ERRATA QA Contact: Jeremy Agee <jagee>
Severity: high Docs Contact:
Priority: high    
Version: 4.0CC: ajeain, ayoung, dpal, kbanerje, mlopes, nkinder
Target Milestone: Upstream M3Keywords: FutureFeature, TestOnly
Target Release: 4.0   
Hardware: Unspecified   
OS: Unspecified   
URL: http://docs.openstack.org/developer/keystone/external-auth.html
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-20 00:15:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 988935    
Bug Blocks: 975499    

Description Adam Young 2013-07-23 21:36:23 UTC
Configure Keystone to run in Apache HTTPD and requires Kerberos authentication 
(RH IdM is the simplest means)

Comment 1 Dmitri Pal 2013-07-23 21:47:57 UTC
How to test: use keystone with Apache mod_auth_krb5.

Comment 3 Adam Young 2013-07-31 23:24:15 UTC
This is a refinement of an earlier blueprint for handling REMOTE_USER, specific to using Kerberos.  The upstream commit was https://github.com/openstack/keystone/commit/e276d142541e2517484e5bc539a19a5495a1c679  but we did not explicitly test it.

Comment 4 Jeremy Agee 2013-11-26 22:15:53 UTC
Tests verified however when PKI tokens are in use BZ1035032 occurs for v3 token request.

Comment 6 Jeremy Agee 2013-12-10 16:28:00 UTC
for v3 test cases requesting pki tokens without the catalog. This is a workaround for the following issue that is unrelated to this feature.

https://bugzilla.redhat.com/show_bug.cgi?id=1035032

Tests passed

Comment 8 errata-xmlrpc 2013-12-20 00:15:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1859.html