Following on my own message: On Tue, Oct 30, 2012 at 10:36 AM, Yehuda Sadeh <yehuda@xxxxxxxxxxx> wrote: > - Keystone > > This is not completely implemented yet, but it is likely that it will > make it to Bobtail. We'll make it so that Swift authentication (and > user management) will be able to go through Keystone. This is going along nicely. There is one issue that we're not completely sure which way to go though. The equivalent of a radosgw 'user' in keystone is a 'tenant'. A keystone tenant has an id, which is a long random hex string and a name. A user id that we'd use in radosgw is typically something less random, which maps better to the keystone name. However, it seems that the more correct way to go would be to map the radosgw user to the keystone id and not to the keystone name. Note that when mapping a radosgw user to the keystone tenant name, if we'd remove a keystone tenant and recreate another one with the same name, it'll map to the same radosgw user, whereas if we map the radosgw user to the keystone tenant id, we'd be pointing at a different user instance. Any thoughts? Yehuda -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
