[katello-devel] User Integration between Katello and Candlepin
Bryan Kearney
bkearney at redhat.com
Wed May 18 17:50:24 UTC 2011
Per the discussion, this is my understanding:
1) Katello with authenticate vs. LDAP or an onboard store.
2) Katello will pass requests to Candlepin via oauth.
3) Katello will use the cp-user header to pass the actual user name.
4) Candlepin will have no user data, and will not be configured to use LDAP.
5) Candlepin will create a principal for that user, and give the user a
"Trusted" Role.
In this way, Katello owns all Authn/Authz but Candlepin can still audit
who is doing waht.
Is the above model correct?
Would the same model work for pulp?
Would the same model work for foreman?
-- bk
More information about the katello-devel
mailing list