Horizon gurus Release: icehouse Token Type : PKI Identity Backend: LDAP
Monitoring the authentication traffic generated by Horizon to LDAP, I was surprised to see that after the initial logon, and under the 'Project' tab, I was still seeing calls out to LDAP each time I entered a link related to a service (images, volumes, images and snapshots etc...). My assumption was that after the initial logon the token would be used to satisfy authentication requirements (until it expired). I ran some debugging and confirmed that the underlying python scripts e.g. /usr/share/openstack-dashboard/openstack_dashboard/api/* pickup the same token although curiously at first glance it looks like a UUID based token and not a PKI token. So, my questions are: i. Should Horizon honour token authentication as I enter different services - mitigating the need to authN against ldap until token expires? ii. Am I seeing a compressed PKI token when pulling data from /user/share/openstack-dashboard/openstack_dashboard/api/glance.py or cinder.py etc.... Cheers Mike
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
