Bug 987684 - [RFE] Keystone with Kerberos authentication
[RFE] Keystone with Kerberos authentication
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone (Show other bugs)
Unspecified Unspecified
high Severity high
: Upstream M3
: 4.0
Assigned To: Adam Young
Jeremy Agee
: FutureFeature, TestOnly
Depends On: 988935
Blocks: RHOS40RFE
  Show dependency treegraph
Reported: 2013-07-23 17:36 EDT by Adam Young
Modified: 2016-04-27 00:35 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-12-19 19:15:04 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Adam Young 2013-07-23 17:36:23 EDT
Configure Keystone to run in Apache HTTPD and requires Kerberos authentication 
(RH IdM is the simplest means)
Comment 1 Dmitri Pal 2013-07-23 17:47:57 EDT
How to test: use keystone with Apache mod_auth_krb5.
Comment 3 Adam Young 2013-07-31 19:24:15 EDT
This is a refinement of an earlier blueprint for handling REMOTE_USER, specific to using Kerberos.  The upstream commit was https://github.com/openstack/keystone/commit/e276d142541e2517484e5bc539a19a5495a1c679  but we did not explicitly test it.
Comment 4 Jeremy Agee 2013-11-26 17:15:53 EST
Tests verified however when PKI tokens are in use BZ1035032 occurs for v3 token request.
Comment 6 Jeremy Agee 2013-12-10 11:28:00 EST
for v3 test cases requesting pki tokens without the catalog. This is a workaround for the following issue that is unrelated to this feature.


Tests passed
Comment 8 errata-xmlrpc 2013-12-19 19:15:04 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.