Something you have. Something you are. Something you know. Pick two. This is the conventional wisdom for the basis of secure authentication.
PKI tokens and Horizon
With PKI, tokens have gone from 40 bytes to a variable size of more than 3000 bytes. This, plus the additional payload in Horizon, means that they no longer fit inside an HTTP cookie. How do we deal with this?
Preauthorization in Keystone
“I’ll gladly pay you Tuesday for a Hamburger Today” –Wimpy, from the Popeye Cartoon.
Sometimes you need to authorize a service to perform an action on your behalf. Often, that action takes place long after any authentication token you can provide would have expired. Currently, the only mechanism in Keystone that people can use is to share credentials. We can do better.
Making a Virtual Machine image from a Live CD
The Live CD shipped with Fedora 18 is a perfectly serviceable virtual machine image, provided you give it some writeable disk space. It even ships with a tool to make this happen. All it needs is a block device.
LDAPS against a FreeIPA server
Once you have a directory server installed, you are going to want to query it from throughout the network. For many reasons, you will want traffic to the server encrypted. Here are the steps to query a server using LDAPS from a remote machine.
Testing PKI Tokens in pre-release Folsom
There have been a few questions regarding PKI tokens and their testing in the OpenStack code base. Here are the steps:
My Keystone To do list Fall 2012
Once again it is time to brain dump the things I want to make happen in the next release of OpenStack.
Testing out PKI Signed tokens in OpenStack Keystone
I’ve put a fair amount of time into the Signed Tokens implementation. Now that they have been merged into the master branch of Keystone, I’d like to get some more people playing around with the feature, and see how it impacts things.
Wizard Woodcarving
After reading The Hobbit to my sons, my younger guy requested his favorite character. Quite pleased with how this grey pilgrim turned out.
Git: Synchronizing Multiple Patches on Multiple Branches
With OpenStack, I find I often have a patch up for review that I want to use as the basis for future work. When a review comes in, I have to make the changes for the review and update the commit. There are a couple of ways to go about doing it, but here is one that has worked for me.
 
			



