Embracing change is hard. Accepting criticism on code you worked so hard to prepare for review can be hard on the ego. But when you have additional work that is underway that depends on submissions undergoing review, it can also be a challenge to your organizational skills. I’ve recently learned a trick about git that makes this easier in the context of Open Stack development.
West Point’s motto is “Duty, Honor, Country.” I graduated in 1993. Why did a former Army Officer end up at Red Hat?
Something you have. Something you are. Something You Know. Pick Two. This is the conventional wisdom for the basis of secure authentication.
With PKI, tokens have gone from 40 byte to a varying size more than 3000 bytes long. This plus additional payload in Horizon means that they no longer fit inside an HTTP cookie. How do we deal with this?
“I’ll gladly pay you Tuesday for a Hamburger Today” –Wimpy, from the Popeye Cartoon.
Sometimes you need to authorize a service to perform an action on your behalf. Often, that action takes place long after any authentication token you can provide would have expired. Currently, the only mechanism in Keystone that people can use is to share credentials. We can do better.
The Live CD shipped with Fedora 18 is a perfectly serviceable virtual machine image, provided you give it some writeable disk space. It even ships with a tool to make this happen. All it needs is a block device. Continue reading
Once you have a Directory server installed, you are going to want to query against it from throughout the Network. For many reasons, you will want traffic to the server encrypted. Here are the steps to quest against a server using LDAPS from a remote machine.
There have been a few questions regarding PKI tokens and their testing in the Openstack code base. Here are the steps:
Once again it is time to brain dump the things I want to make happen in the next release of Open Stack.
I’ve put a fair amount of time into the Signed Tokens implementation. Now that they have been merged into the master branch of Keystone, I’d like to get some more people playing around with the feature, and see how it impacts things. Continue reading