Design and Implementation of OpenStack Cloud Platform Identity Management Scheme

Based on the analysis of the identity management mechanism of OpenStack cloud platform security component Keystone, this paper proposes an OpenStack identity management enhancement scheme to solve the problem that its identity authentication mechanism is too simple and not open enough. The program uses the open security management interface provided by open source security component FreeIPA to add a security component Sentinel in OpenStack. Sentinel implements external user authentication, internal host-service management, and access control in OpenStack by calling the FreeIPA security interface. The effectiveness of Sentinel's authentication to external users is demonstrated by testing the OpenStack platform for external users.