[katello-devel] User Integration between Katello and Candlepin

[Bryan Kearney]

Per the discussion, this is my understanding:

1) Katello with authenticate vs. LDAP or an onboard store.
2) Katello will pass requests to Candlepin via oauth.
3) Katello will use the cp-user header to pass the actual user name.
4) Candlepin will have no user data, and will not be configured to use LDAP.
5) Candlepin will create a principal for that user, and give the user a 
"Trusted" Role.

In this way, Katello owns all Authn/Authz but Candlepin can still audit 
who is doing waht.

Is the above model correct?

Would the same model work for pulp?

Would the same model work for foreman?

-- bk