On 07/13/2015 09:40 PM, Li, Chen wrote:
Hi mike,

Thanks, this is very helpful.

Summary:

1. The purpose of admin user & proxy user are the same =>  to work without user's 
own username & password.

sort of, the proxy user is to work without the user's credentials, whereas the admin user needs a trust to operate on the user's project resources (clusters).

2. For transient cluster, what sahara need is to be able to operate.

correct.

3. For swift access , using user's own credentials is not safe.  Because the credentials  
is not used by sahara only, it will appear in "user space" (on the cluster 
nodes) at end.
     Using admin user is silly, doesn't gain any benefit, but create a more 
huge risk.

correct.

=>  proxy user must(better to) use proxy user, for security reason.
=>  transient cluster can work both way, but proxy user introduce extra effect 
which is not nessary, so admin user is enough.

i would say that is accurate.

mike

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to