PAM authentication pluging
Add a PAM authentication plugin to Keystone. Not an identity module, just authentication. The users and groups will exists in the SQL (or whatever) backend but the user/pass will be verified by the PAM subsystem. For example, it's useful if you want to use LDAP authentication but you can use the existing LDAP as Identity backend (for schema compatibility issues).
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- DiegoWoitasen
- Direction:
- Needs approval
- Assignee:
- DiegoWoitasen
- Definition:
- Superseded
- Series goal:
- None
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
- Morgan Fainberg
Whiteboard
(morganfainberg): There is a blueprint to support support SSSD, this would cover the PAM-usecase. There really is no reason to use "PAM" for auth and SQL for storing the user data, either the user information should be pulled from LDAP / SSSD / Federated or be managed by keystone's SQL backend.
This blueprint is related: https:/