authorSimo Sorce <simo@redhat.com>2013-05-06 12:29:34 -0400
committerSimo Sorce <simo@redhat.com>2013-08-20 11:54:38 -0400
commitffa55f7a8cbc824b03cec8cbfbb380b42f9c3e70 (patch)
tree4e4f4967a79e3b57235a0ee1e1008033024f72ad /etc
parent9c92d27937f733645631eb43a1ad48bae78d630c (diff)
Initial KDS service
The Key Distribution Service is used to register keys for services and distribute tickets to contact other services. The KDS is used to digitally sign and optionally encrypt messages sent over the message queue by the rpc modules. It implements the service described in this document: https://wiki.openstack.org/wiki/MessageSecurity#A_Key_Distribution_Server_in_Keystone blueprint key-distribution-server Change-Id: Ib47aca8f72623a07ff18f23d46d0af520e463fc9 Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'etc')
-rw-r--r--etc/keystone-paste.ini5
-rw-r--r--etc/keystone.conf.sample7
2 files changed, 11 insertions, 1 deletions
diff --git a/etc/keystone-paste.ini b/etc/keystone-paste.ini
index 9c5545db..fb66397e 100644
--- a/etc/keystone-paste.ini
+++ b/etc/keystone-paste.ini
@@ -45,6 +45,9 @@ paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
[filter:access_log]
paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
+[filter:kds_extension]
+paste.filter_factory = keystone.contrib.kds.routers:KDSExtension.factory
+
[app:public_service]
paste.app_factory = keystone.service:public_app_factory
@@ -61,7 +64,7 @@ pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_bo
pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension crud_extension admin_service
[pipeline:api_v3]
-pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension service_v3
+pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension kds_extension service_v3
[app:public_version_service]
paste.app_factory = keystone.service:public_version_app_factory
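Review bot: The changed `pipeline =` line under `[pipeline:api_v3]` puts `kds_extension` into the default v3 pipeline, so every deployment that installs this paste file gets the key-distribution routes without opting in. Whether those routes are usable when no master key is configured is not visible from this hunk. Because the KDS hands out signing and encryption keys, I would either leave it out of the default pipeline or document the switch next to the `[filter:kds_extension]` definition added in the first hunk, for example `# Optional: remove kds_extension from [pipeline:api_v3] to disable the Key Distribution Service`. It is also worth confirming that the extension enforces authorization on its own routes rather than relying on the filters ahead of it (`token_auth`, `admin_token_auth`), which presumably only populate the request context.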
diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample
index 13d14317..68af3f59 100644
--- a/etc/keystone.conf.sample
+++ b/etc/keystone.conf.sample
@@ -160,6 +160,13 @@
[ec2]
# driver = keystone.contrib.ec2.backends.kvs.Ec2
+[kds]
+# driver = keystone.contrib.kds.backends.sql.KDS
+# master_key_file = /etc/keystone/kds.mkey
+# enctype = AES
+# hashtype = SHA256
+# ticket_lifetime = 3600
+
[assignment]
# driver =
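Review bot: The new `[kds]` options are listed without any explanatory comments, and three of them are security-relevant: `master_key_file`, `enctype` and `ticket_lifetime`. I would add `# master_key_file must be readable only by the keystone service user` above that option, and state the unit with `# ticket_lifetime is in seconds` if that is what the code expects (the unit is not visible here). `enctype = AES` names neither a key length nor a mode, so the sample should list the accepted values and what the default implies, and likewise for `hashtype`.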