Bug 1041934 - [RFE][keystone]: Add new v3 resource to provide for Kerberos authentication
Summary: [RFE][keystone]: Add new v3 resource to provide for Kerberos authentication
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: RFEs
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: RHOS Maint
QA Contact:
URL: https://blueprints.launchpad.net/keys...
Whiteboard: upstream_milestone_none upstream_stat...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-12-12 20:09 UTC by RHOS Integration
Modified: 2015-03-19 17:27 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-19 17:27:47 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description RHOS Integration 2013-12-12 20:09:28 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/kerberos-authentication.

Description:

Kerberos is expensive to perform on every request. A special resource should be created so mod_auth_kerb can be configured to authenticate using Kerberos. Subsequent commands can use the existing authentication token (preferably stored in a python-keyring) until it expires. Keystone is already aware when it doesn't have a valid token and will automatically retrieve authentication via the /tokens resource. It is proposed that a /tokens/kerberos resource be created and mod_auth_kerb be configured to require Negotiate authentication on that. The response will be similar to that of a username/password authentication, either a 401 or an X-Auth-Token.

Specification URL (additional information):

https://etherpad.openstack.org/keystone-kerberos-authentication
Note You need to log in before you can comment on or make changes to this bug.