openstack team mailing list archive

[Adam Young <ayoung@xxxxxxxxxx>]

Actually, this isn't trusts, if I understand it correctly, but rather 
the REMOTE_USER patch that went in earlier.

THe short version is that you run keystone in Apache, and set up strong 
authentication in Apache.  REMOTE_USER is from the wsgi (Python CGI) 
contract.  It is the variable set by Apache and sent to Keystone saying 
the username of the authenticated user.

Will that work for you?


On 02/06/2013 09:58 AM, Dolph Mathews wrote:
> Adam Young is working on introducing delegation in grizzly: 
> https://blueprints.launchpad.net/keystone/+spec/trusts
>
> I'm sure he'd appreciate some help if you'd like to contribute!
>
>
> -Dolph
>
>
> On Wed, Feb 6, 2013 at 8:54 AM, Mballo Cherif 
> <Cherif.Mballo@xxxxxxxxxxx <mailto:Cherif.Mballo@xxxxxxxxxxx>> wrote:
>
>     Hi everybody !
>
>     I am wondering if it's possible to delegate keystone
>     Authentication to an Authentication against a  server (I have one
>     Strong Authentication server) or an Identity Provider?
>
>     If I make modification on keystoneclient code it may be possible?
>
>     Any ideas? Please help me!
>
>     Thanks !
>
>     Sherif!
>
>
>     _______________________________________________
>     Mailing list: https://launchpad.net/~openstack
>     <https://launchpad.net/%7Eopenstack>
>     Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>     <mailto:openstack@xxxxxxxxxxxxxxxxxxx>
>     Unsubscribe : https://launchpad.net/~openstack
>     <https://launchpad.net/%7Eopenstack>
>     More help   : https://help.launchpad.net/ListHelp
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp