Eucalyptus manages access control through an authentication, authorization, and accounting system. This system manages user identities, enforces access controls over resources, and provides reporting on resource usage as a basis for auditing and managing cloud activities.
The user identity organizational model and the scheme of authorizations used to access resources are based on and compatible with the AWS Identity and Access Management (IAM) system, with some Eucalyptus extensions that support ease of use in a private cloud environment.
You can also perform user authentication by integrating Eucalyptus with an existing LDAP or Active Directory service. In this case, the user, group, and account information comes from the LDAP/AD service, and Eucalyptus Administrator Console logins authenticate against that service. This information cannot be changed from the Eucalyptus side while LDAP/AD integration is turned on. However, other Eucalyptus-specific information about users, groups, and accounts, including certificates, secret keys, and attached policies, is still stored in the local Eucalyptus database.
For more information about synchronizing an existing LDAP or Active Directory with Eucalyptus, see LDAP/AD Integration.