yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1255335] Re: v2 token request always allow external auth method

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Adam Young <1255335@xxxxxxxxxxxxxxxxxx>
Date: Thu, 05 Dec 2013 18:54:17 -0000
Reply-to: Bug 1255335 <1255335@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1255335

Title:
  v2 token request always allow external auth method

Status in OpenStack Identity (Keystone):
  Invalid

Bug description:
  Using external kerberos auth with httpd and ticket with curl requests.

  keystone.conf
  [auth]
  methods = password,token

  v2 token request:
  curl --negotiate -u : -H "Content-type: application/json" -d '{"auth": {"tenantName": "tester"}}'  http://keystone-krb5.lab.eng.rdu2.redhat.com:5000/v2.0/tokens

  Successfully obtains a token.

  v3 token request:
  curl --negotiate -u : -H "Content-type: application/json" -d '{"auth": {"identity": {"methods": []},"scope": {"project": {"domain": {"name": "Default"},"name": "tester"}}}}' http://keystone-krb5.lab.eng.rdu2.redhat.com:5000/v3/auth/tokens

  Correctly handles the request with:
  "message": "Attempted to authenticate with an unsupported method."

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1255335/+subscriptions