Hi, I am currently evaluating Opennebula 3.0 for use within our organization, and one of our security requirements is that all our systems use Kerberos authentication where possible.
I my current deployment scenario, users will be interacting with opennebula via sunstone. I see that currently sunstone supports normal form based authentication, and x509 authentication where you rely on apache/lighthttpd/whatever in front of sunstone to actually authenticate the user (in this case via 2 way SSL auth) and then sunstone just accepts the user as authenticated. What I'd like to do, is use apache with mod_auth_kerb to authenticate users in apache via kerberos, and then have sunstone accept the user as authenticated from apache (similar to how the x509 auth works). Mod_auth_kerb simply sets the CGI value of REMOTE_USER to the authenticated user once authentication is complete, and I'm wondering if there is some sort of "dummy" auth module for sunstone that simply takes the user as supplied via a header or CGI variable and uses it, trusting the layer in front of it to authenticate the user correctly. If not, is this something worth me lodging a feature request for? Or lodging a feature request to have Kerberos/GSSAPI authentication implemented across opennebula in general? Regards, Graeme _______________________________________________ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org