Identity, authentication & access management in OpenStack: implementing and deploying Keystone, OpenStack's identity service
Keystone—OpenStack's Identity service—provides secure controlled access to a cloud’s resources. In OpenStack environments, Keystone performs many vital functions, such as authenticating users and determining what resources users are authorized to access. Whether the cloud is private, public, or...
Other Authors: | , , |
---|---|
Format: | E-book |
Language: | English |
Published: | Sebastopol, CA : O'Reilly 2015. |
Edition: | Second edition |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009629673506719 |
Table of Contents:
- Copyright; Table of Contents; Preface; Prologue; Conventions Used in This Book; Using Code Examples; Safari® Books Online; How to Contact Us; Acknowledgments; Introduction; Identity, Authentication, and Access Management Capabilities of Keystone; Identity; Authentication; Access Management (Authorization); Keystone's Primary Benefits; Chapter 1. Fundamental Keystone Topics; 1.1 Keystone Concepts; 1.1.1 What's a Project?; 1.1.2 What's a Domain?; 1.1.3 Users and User Groups (Actors); 1.1.4 Roles; 1.1.5 Assignment; 1.1.6 Targets; 1.1.7 What's a Token?; 1.1.8 What's a Catalog?; 1.2 Identity
- 1.2.1 SQL; 1.2.2 LDAP; 1.2.3 Multiple Backends; 1.2.4 Identity Providers; 1.2.5 Use Cases for Identity Backends; 1.3 Authentication; 1.3.1 Password; 1.3.2 Token; 1.4 Access Management and Authorization; 1.5 Backends and Services; 1.6 FAQs; Chapter 2. Let's Use Keystone!; 2.1 Getting DevStack; 2.2 Basic Keystone Operations Using OpenStackClient; 2.2.1 Getting a Token; 2.2.2 Listing Users; 2.2.3 Listing Projects; 2.2.4 Listing Groups; 2.2.5 Listing Roles; 2.2.6 Listing Domains; 2.2.7 Creating Another Domain; 2.2.8 Create a Project within the Domain; 2.2.9 Create a User within the Domain
- 2.2.10 Assigning a Role to a User for a Project; 2.2.11 Authenticating as the New User; 2.3 Basic Keystone Operations Using Horizon; 2.3.1 What Keystone Operations Are Available through Horizon?; 2.3.2 Accessing the Identity Operations; 2.3.3 List, Set, Delete, Create, and View a Project; 2.3.4 List, Set, Delete, Create, and View a User; 2.4 Tips, Common Pitfalls, and Troubleshooting; Check Your Scope: A Common Authentication Problem; Check Your Policy and Role: A Common Authorization Problem; Getting Additional Information; Chapter 3. Token Formats; 3.1 History of Keystone Token Formats
- 3.2 UUID Tokens; 3.3 PKI Tokens; 3.4 Fernet Tokens; 3.5 Tips, Common Pitfalls, and Troubleshooting; 3.5.1 UUID Token Performance Degradation for Authentication Operations; 3.5.2 Using PKI Token and Swift or Horizon Not Working?; Chapter 4. LDAP; 4.1 Approach to LDAP Integration; 4.2 Configuring Keystone to Integrate with LDAP; 4.2.1 Other Keystone Configuration Options in Classic LDAP Support; 4.3 Multiple Domains and LDAP; 4.3.1 Requirements for Multi-Domain Corporate Directory Support; 4.3.2 Setting Up Multi-Domain Using the Configuration File-Based Approach
- 4.3.3 Setting Up Multi-Domain Using the Keystone API-Based Approach; 4.3.4 Restrictions When Using Multi-Domain Identity; Use SQL for the Default Domain; Use LDAP for All Domains, Except an SQL Service Domain; Use LDAP for All Domains; 4.4 A Practical Guide to Using Multi-Domains and Keystone; 4.4.1 Setting Up LDAP; 4.4.2 Running Admin Commands; 4.4.3 Running LDAP User Commands; 4.4.4 Authenticating with Horizon; 4.5 Projects, Roles, and Assignments from LDAP (Just Say NO!); 4.6 Tips, Common Pitfalls, and Troubleshooting; 4.6.1 General LDAP Issues; 4.6.2 Tips for Using Multi-Domain LDAP
- Chapter 5. Federated Identity