On 05/04/2015 10:23 AM, rémi Le trocquer wrote:
Hi,
In multi-region configuration : multi keystone, multi database
but with a common ldap. Is-it possible on Horizon to switch
region without re-authenticate ?
Horizon talks to Keystone to get the service catalog, and uses the
service catalog to figure out which service to talk to. Horizon does
not have a Region select function, as far as I have seen.
With OPKI or Fernet tokens, you should be able to share tokens across
multiple regions. In both cases, it is a key distribution matter; for
PKI, all of the the Public keys need to be in all the endpoints, for
Fernet, all of the Keystone servers need the same set of signing keys.
SSO doesn't help. It is a question of token validation.
For reason of latency or RTT, it is not possible to share the databases
between the keystone indeed the sites could be geographically distant.
Is there a solution perhaps using :
Kerberos + SSO/ Fernet token/ K2K + SSO ?
Regards,
Rémi Le Trocquer
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
