Thanks a lot for taking out time and replying back, Tim. Will let you know if I have any further questions.
On Tue, Feb 24, 2015 at 1:22 PM, Tim Bell <tim.b...@cern.ch> wrote:

> You may also get some information from how we set up Kerberos at CERN at
> http://openstack-in-production.blogspot.fr/2014/10/kerberos-and-single-sign-on-with.html
>
> From my understanding, the only connection is between Keystone and KDC.
> There is a standard Keystone token issued based off the Kerberos ticket and
> the rest is the same as if a password had been supplied.
>
> Tim
>
> *From:* Sanket Lawangare [mailto:sanket.lawang...@gmail.com]
> *Sent:* 24 February 2015 19:53
> *To:* openstack-dev@lists.openstack.org
> *Subject:* [openstack-dev] Kerberos in OpenStack
>
> Hello Everyone,
>
> My name is Sanket Lawangare. I am a graduate student studying at The
> University of Texas at San Antonio. *For my Master’s Thesis I am working
> on the Identity component of OpenStack. My research is to investigate
> external authentication with Identity (Keystone) using Kerberos.*
>
> Based on reading Jamie Lennox's blogs on Kerberos implementation in
> OpenStack and my understanding of Kerberos, I have come up with a figure
> explaining the possible interaction of the KDC with the OpenStack client,
> Keystone and the OpenStack services (Nova, Cinder, Swift...).
>
> These are the blogs -
>
> http://www.jamielennox.net/blog/2015/02/12/step-by-step-kerberized-keystone/
>
> http://www.jamielennox.net/blog/2013/10/22/keystone-token-binding/
>
> I am trying to understand the working of Kerberos in OpenStack.
>
> Please click this link to view the figure:
> https://docs.google.com/drawings/d/1re0lNbiMDTbnkrqGMjLq6oNoBtR_GA0x7NWacf0Ulbs/edit?usp=sharing
>
> P.S. - [The steps in this figure are self-explanatory; a basic
> understanding of Kerberos is expected]
>
> Based on the figure I had a couple of questions:
>
> 1. Is Nova or other services registered with the KDC?
>
> 2. What does Keystone do with the Kerberos ticket/credentials? Does
> Keystone authenticate the users and give them direct access to other
> services such as Nova, Swift etc.?
>
> 3. After receiving the ticket from the KDC, does Keystone embed some
> Kerberos credential information in the token?
>
> 4. What information does the service (e.g. Nova) see in the ticket and
> the token (does the token have some Kerberos info or some customized info
> inside it?).
>
> If you could share your insights and guide me on this, I would really
> appreciate it. Thank you all for your time.
>
> Regards,
>
> Sanket Lawangare
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev