Monday, May 23, 2016

Kerberos and Keystone: How to integrate Kerberos with OpenLDAP backend in OpenStack Keystone

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
This post describes how to set up OpenStack Keystone with external authentication - Kerberos with OpenLDAP backend. The post also contains results of the research about using Kerberos not just for authentication but also for authorization by storing additional data (like groups, roles, etc.) in Kerberos ticket.
This post describes how to set up following configuration:

Friday, May 20, 2016

Keystone and WebSSO: Using Active Directory Federation Services with OpenStack Keystone

In this post we walk the reader through the following configuration:
  •     Keystone as Service Provider (with Shibboleth Apache Module)
  •     AD FS as Identity Provider
  •     Active Directory as storage for users