Add new v3 resource to provide for Kerberos authentication
Kerberos is expensive to perform on every request. A special resource should be created so mod_auth_kerb can be configured to authenticate using Kerberos. Subsequent commands can use the existing authentication token (preferably stored in a python-keyring) until it expires. Keystone is already aware when it doesn't have a valid token and will automatically retrieve authentication via the /tokens resource. It is proposed that a /tokens/kerberos resource be created and mod_auth_kerb be configured to require Negotiate authentication on that. The response will be similar to that of a username/password authentication, either a 401 or an X-Auth-Token.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Rob Crittenden
- Direction:
- Needs approval
- Assignee:
- Rob Crittenden
- Definition:
- New
- Series goal:
- None
- Implementation:
- Implemented
- Milestone target:
- None
- Started by
- Dolph Mathews
- Completed by
- Morgan Fainberg
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Initial kerberos middleware implementation. This patch will allow to use kerberos credentials to retrieve a token during a post on /v3/tokens
Addressed by: https:/
Kerberos as method name
Addressed by: https:/
test REMOTE_USER does not authenticate if external (and all other methods) are missing this test ensures that the token would come through as unauthenticated