>Hi Robert, > > I saw your proposal about keystone middleware >for Radius and OpenStack integration from the last year’s discussion, > >do you know about the progress in this area, >maybe someone has already done the scalability evaluation? > >My idea atm is to use Radius with TripleO.
Hi Nikolay, I guess you a referencing this reply I gave at some ploint ??? > You can write your own keystone middleware to authenticate with. > There is a nice doc about that here: > http://docs.openstack.org/developer/keystone/external-auth.html > > Note that if you use external_auth as in the example it will only take over > the authentication: > The user will still need to exist in keystone and roles need to be assigned > in the keystone backend. > > For a "fully integrated” solution you will have to look at LDAP afaik. As I mentioned you can build your own login integration if you are comfortable with python. The login integration part is super easy, just set a REMOTE_USER if an authentication succeeded. The hard part is managing the users/groups in keystone. You will need to write some kind of sync creating users/tenants and giving/revoking appropriate access in keystone. I am not sure if anybody made this for radius and would be willing to share that. You might also want to search for/ look at keystone federation. Cheers, Robert van Leeuwen
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
