[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Multi Clusters : Token management



Srinivas Naga Kotaru (skotaru) wrote on 02/19/2016 08:00 PM:
David

Thanks for info

It looks like a big problem from management or client experience
perceptive . Have seen most of the clients are using a single cluster
but what about if a client has multiple clusters but client base is
common? Authentication, authorization,  API  end points all are
different or need to be managed independent to each other.

I think you can setup proper certificate auth on all clusters to avoid need to obtain different tokens from each cluster. i.e. all clusters would accept the same client certificates. I'm not sure trying to make tokens work across clusters is a good idea. At least doing it right might not be easier than cert auth, I suspect it will be ugly.

Btw for web console users, one can have same SSO across clusters so that user will login only once per time period. For example kerberos or google auth. This would be much easier than certificate auth but limited to web console.

This is what current solution or can we change anything for better
client experience in multi cluster environments ?

Do you mean only auth or also other difficulties?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]