[one-users] Dummy Authentication driver available (for Kerberos authentication and others)?

Graeme Gillies graeme.r.gillies at gmail.com
Tue Sep 27 18:16:10 PDT 2011


I am currently evaluating Opennebula 3.0 for use within our
organization, and one of our security requirements is that all our
systems use Kerberos authentication where possible.

I my current deployment scenario, users will be interacting with
opennebula via sunstone. I see that currently  sunstone supports
normal form based authentication, and x509 authentication where you
rely on apache/lighthttpd/whatever in front of sunstone to actually
authenticate the user (in this case via 2 way SSL auth) and then
sunstone just accepts the user as authenticated.

What I'd like to do, is use apache with mod_auth_kerb to authenticate
users in apache via kerberos, and then have sunstone accept the user
as authenticated from apache (similar to how the x509 auth works).
Mod_auth_kerb simply sets the CGI value of REMOTE_USER to the
authenticated user once authentication is complete, and I'm wondering
if there is some sort of "dummy" auth module for sunstone that simply
takes the user as supplied via a header or CGI variable and uses it,
trusting the layer in front of it to authenticate the user correctly.

If not, is this something worth me lodging a feature request for? Or
lodging a feature request to have Kerberos/GSSAPI authentication
implemented across opennebula in general?



More information about the Users mailing list