|
Kerberos-Based Authentication for University of Texas at San Antonio,
USA
Abstract Cloud computing is an emerging technology, which will be a ubiquitous service in the near future. Cloud has also converged many seemingly different components such as compute, storage, etc. into a unified infrastructure. OpenStack is one of the prominent cloud computing software in the cloud community. It is deployed as Infrastructure as a Service, which means it allows users to provision their own machines in cloud by using its components, like storage, computation, etc. In order to provide such services, OpenStack needs to authenticate its users. The component in OpenStack that performs this function is called Keystone. In Keystone, the current mechanism is to provide a token to the requesting user, which is then provided to various other services from which the users request specific services (e.g. compute, storage, etc.) In this paper, a standard Kerberos-based authentication system is investigated and developed for OpenStack. A key contribution of this investigation is to gain understanding of the feasibility of Kerberos in OpenStack for the purpose of authentication. A major benefit is that the authentication system in OpenStack can then be based on a well-known and well-studied standard. A prototype authentication system of a component of the proposed protocol is implemented. The demonstration and evaluation of this implementation are also discussed. Keywords: OpenStack, Kerberos, IaaS,
Authentication, Cloud. +: Corresponding author: Ram Krishnan IT Convergence Practice (INPRA), Vol. 3, No. 2, pp. 1-24, June 2015 [pdf] |