openstack team mailing list archive

Thread
Date

Re: [keystone] Encryption based user authentication in keystone

To: Koert van der Veer <koert@xxxxxxxxxxxx>, "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
From: "Yee, Guang" <guang.yee@xxxxxx>
Date: Mon, 28 Jan 2013 19:20:20 +0000
Accept-language: en-US
In-reply-to: <51064686.1090007@cloudvps.com>
Thread-index: AQHN/TsgrnwMhXw8Gkqm1kzB0Gc6m5hfGs1w
Thread-topic: [Openstack] [keystone] Encryption based user authentication in keystone

Only password and token authentications are natively supported (by default)
at the moment. There are also signature-based authentication APIs like ec2
and s3 available as extensions. Other mechanisms such as two-way SSL and
external authentication via a web frontend is also possible?

In v3, we should like to introduce authn plugin capability as well. Do you
want to share your use case so we can discuss possible solutions?


Guang


-----Original Message-----
From: openstack-bounces+guang.yee=hp.com@xxxxxxxxxxxxxxxxxxx
[mailto:openstack-bounces+guang.yee=hp.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of
Koert van der Veer
Sent: Monday, January 28, 2013 1:36 AM
To: openstack@xxxxxxxxxxxxxxxxxxx
Subject: [Openstack] [keystone] Encryption based user authentication in
keystone

I vaguely remember some chatter on the last summit about using something
other than passwords for user authentication in keystone. However, looking
at the sourcecode and blueprints I can't seem to find this feature. I see a
lot of encryption-based in tokens, but not between the end-user and
keystone.

Are there any plans in that direction, or should I be rolling my own
solution?

Attachment: smime.p7s
Description: S/MIME cryptographic signature

References

[keystone] Encryption based user authentication in keystone
From: Koert van der Veer, 2013-01-28