← Back to team overview

openstack team mailing list archive

Re: Keystone PKI support

 

On 09/04/2012 09:36 AM, boden wrote:
Hi,

I'm trying to better understand the current status of PKI
(http://wiki.openstack.org/PKI) and delegated authZ from a folsom
perspective. I can see the blueprint targets folsom-rc1, is marked as
implemented (https://blueprints.launchpad.net/keystone/+spec/pki) and
I've browsed some of the related code dropped into master.

However its not clear to me exactly where this PKI support stands as I
haven't found any docs on setting up the services to use it, nor am I
seeing PKI based tokens used when I run with the latest keystone code.

Is it safe to assume PKI will be supported for folsom and we will see
some updated docs in due time? If so will there be any known limitations?

Thx much


_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

The PKI token code is very new. As such, It has not been enabled by default. There are changes that have gone in to the master branch that are not available on Folsom 3 that are necessary to the proper functioning of PKI.

I wrote to the Fedora cloud mailing list a quicjk blurb on testing them.

http://www.spinics.net/linux/fedora/fedora-cloud/msg01644.html

I will write up some more detailed steps for general usage.




References