[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Multi Clusters : Token management

I like the client cert authentication. Do we have any working instructions to test?

Pl confirm, It means every client need to have their own cert? don’t you think it would by very difficult to administrator in a big organization?

Srinivas Kotaru

On 2/19/16, 10:49 AM, "Aleksandar Kostadinov" <akostadi redhat com> wrote:

>Srinivas Naga Kotaru (skotaru) wrote on 02/19/2016 08:00 PM:
>> David
>> Thanks for info
>> It looks like a big problem from management or client experience
>> perceptive . Have seen most of the clients are using a single cluster
>> but what about if a client has multiple clusters but client base is
>> common? Authentication, authorization,  API  end points all are
>> different or need to be managed independent to each other.
>I think you can setup proper certificate auth on all clusters to avoid 
>need to obtain different tokens from each cluster. i.e. all clusters 
>would accept the same client certificates. I'm not sure trying to make 
>tokens work across clusters is a good idea. At least doing it right 
>might not be easier than cert auth, I suspect it will be ugly.
>Btw for web console users, one can have same SSO across clusters so that 
>user will login only once per time period. For example kerberos or 
>google auth. This would be much easier than certificate auth but limited 
>to web console.
>> This is what current solution or can we change anything for better
>> client experience in multi cluster environments ?
>Do you mean only auth or also other difficulties?

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]