settingsLogin | Registersettings

Re: [Openstack] Radius scalability

0 votes

Hi Robert,

I saw your proposal about keystone middleware
for Radius and OpenStack integration from the last year’s discussion,

do you know about the progress in this area,
maybe someone has already done the scalability evaluation?

My idea atm is to use Radius with TripleO.

Hi Nikolay,

I guess you a referencing this reply I gave at some ploint ???

You can write your own keystone middleware to authenticate with.
There is a nice doc about that here:
http://docs.openstack.org/developer/keystone/external-auth.html

Note that if you use external_auth as in the example it will only take over the authentication:
The user will still need to exist in keystone and roles need to be assigned in the keystone backend.

For a "fully integrated” solution you will have to look at LDAP afaik.

As I mentioned you can build your own login integration if you are comfortable with python.
The login integration part is super easy, just set a REMOTE_USER if an authentication succeeded.
The hard part is managing the users/groups in keystone.
You will need to write some kind of sync creating users/tenants and giving/revoking appropriate access in keystone.
I am not sure if anybody made this for radius and would be willing to share that.

You might also want to search for/ look at keystone federation.

Cheers,
Robert van Leeuwen


Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
asked Apr 19, 2017 in openstack by Van_Leeuwen,_Robert (1,740 points)   1 3
...