yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #87480
[Bug 1947870] [NEW] Keystone Kerberos auth broken when delegate to HTTP
Public bug reported:
Keystone Kerberos works well when you openstack client
can dialog with yours KDC.
However when KDC is hidden, it's not accessible by our
users directly so we need to delegate the auth Kerberos
to HTTP to get Keystone token, that's why we use curl command.
>From the Openstack client cli we get "Negotiate"
as auth_type -> it's works. Nonetheless with curl we get "Basic"
as auth_type -> raised error.
That's why we proposed to add "Basic" as authorized method for Kerberos.
https://review.opendev.org/c/openstack/keystone/+/814770
Patchset: 1efc0c5c6730c9066f47edf953bf805aec0fd3c0
** Affects: keystone
Importance: Undecided
Status: New
** Tags: http kerberos keystone negotiate train
** Tags added: kerberos keystone train
** Tags added: http negotiate
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1947870
Title:
Keystone Kerberos auth broken when delegate to HTTP
Status in OpenStack Identity (keystone):
New
Bug description:
Keystone Kerberos works well when you openstack client
can dialog with yours KDC.
However when KDC is hidden, it's not accessible by our
users directly so we need to delegate the auth Kerberos
to HTTP to get Keystone token, that's why we use curl command.
From the Openstack client cli we get "Negotiate"
as auth_type -> it's works. Nonetheless with curl we get "Basic"
as auth_type -> raised error.
That's why we proposed to add "Basic" as authorized method for Kerberos.
https://review.opendev.org/c/openstack/keystone/+/814770
Patchset: 1efc0c5c6730c9066f47edf953bf805aec0fd3c0
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1947870/+subscriptions