OpenStack Identity (keystone)

Keystone Kerberos auth broken when delegate to HTTP

Bug #1947870 reported by Sacha Pateyron on 2021-10-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	New	Undecided	Unassigned

Bug Description

Keystone Kerberos works well when you openstack client
can dialog with yours KDC.

However when KDC is hidden, it's not accessible by our
users directly so we need to delegate the auth Kerberos
to HTTP to get Keystone token, that's why we use curl command.

From the Openstack client cli we get "Negotiate"
as auth_type -> it's works. Nonetheless with curl we get "Basic"
as auth_type -> raised error.

That's why we proposed to add "Basic" as authorized method for Kerberos.

https://review.opendev.org/c/openstack/keystone/+/814770

Patchset: 1efc0c5c6730c9066f47edf953bf805aec0fd3c0

Tags:

Sacha Pateyron (ulrichthesoftwaredev) on 2021-10-20

tags:	added: kerberos keystone train
tags:	added: http negotiate

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.