← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #08628

[Bug 1253484] Re: external authentication v2 and v3 mismatch

  Thread PreviousDate PreviousThread Next 
** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => icehouse-2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1253484

Title:
  external authentication v2 and v3 mismatch

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  This is regarding external auth handling between v2 and v3.

  I want to write an external auth handler that supports email addresses
  as user names and works with both v2 and v3. It has to set REMOTE_USER
  to something. My users are named like blk@xxxxxxx, and domain is just
  the default.

  External auth handling for v2 doesn't do anything with @ [0]. So I'd
  set the REMOTE_USER to blk@xxxxxxx and it'll work with v2, but
  blk@xxxxxxx@default will not work.

  External auth handling for v3 with the Default external auth handler
  removes everything after first @ [1]. So I'd set the REMOTE_USER to
  blk@xxxxxxx@domain and it'll work, but blk@xxxxxxx doesn't.

  ExternalDefault external auth handler requires @ [2]. So I'd set the
  REMOTE_USER to blk@xxxxxxx@domain, but blk@xxxxxxx doesn't.

  So to summarize, v2 will work with blk@xxxxxxx, but v3 doesn't. V3
  will work with blk@xxxxxxx@domain but that doesn't work with v2.

  So I'm not sure how an external auth handler is supposed to be written
  that supports email addresses and both v2 and v3 auth.

  [0]
  http://git.openstack.org/cgit/openstack/keystone/tree/keystone/token/controllers.py?id=2ab2c624353067ba0989720414e5cde2d4792bcc#n290

  [1]
  http://git.openstack.org/cgit/openstack/keystone/tree/keystone/auth/plugins/external.py?id=2ab2c624353067ba0989720414e5cde2d4792bcc#n70

  [2]
  http://git.openstack.org/cgit/openstack/keystone/tree/keystone/auth/plugins/external.py?id=2ab2c624353067ba0989720414e5cde2d4792bcc#n86

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1253484/+subscriptions
  Thread PreviousDate PreviousThread Next