diff options
author | Prashanth Pai <ppai@redhat.com> | 2013-12-26 14:24:19 +0530 |
---|---|---|
committer | Luis Pabon <lpabon@redhat.com> | 2014-01-10 07:45:51 -0800 |
commit | f952c756ad024e100953a43b1f297f82b5c8f3e2 (patch) | |
tree | f30f155a1fd1c1929370af1094cb83567b5aed81 /doc/swiftkerbauth_guide.md | |
parent | 2f9e3120bbd7ef6b7459fccb5b740b6542b13c57 (diff) |
Return X-Storage-Url in passive mode
When auth_mode is set to 'passive', client can authenticate itself
using account, user and key. This enables swiftkerbauth to return
X-Storage-Url response header to client. X-Storage-Url contains
account name provided in the request.
This required a change in X-Storage-User header format from
X-Storage-User: user
to
X-Storage-User: account:user
This makes swiftkerbauth(passive mode) handle_get_token APIs to be
more consistent with that of swauth and tempauth.
Change-Id: Ic1d1520bb8afbc80cca443d92d659436f2f7cd0e
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/6595
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
Tested-by: Chetan Risbud <crisbud@redhat.com>
Diffstat (limited to 'doc/swiftkerbauth_guide.md')
-rw-r--r-- | doc/swiftkerbauth_guide.md | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/swiftkerbauth_guide.md b/doc/swiftkerbauth_guide.md index e18c7ef..12845a6 100644 --- a/doc/swiftkerbauth_guide.md +++ b/doc/swiftkerbauth_guide.md @@ -103,6 +103,7 @@ Edit */etc/swift/proxy-server.conf* and add a new filter section as follows: [filter:kerbauth] use = egg:swiftkerbauth#kerbauth ext_authentication_url = http://client.rhelbox.com/cgi-bin/swift-auth + auth_mode=passive Add kerbauth to pipeline @@ -438,8 +439,9 @@ The --negotiate option is for curl to perform Kerberos authentication and #### Get an authentication token when auth_mode=passive: -> curl -v -H 'X-Auth-User: auth_admin' -H 'X-Auth-Key: Redhat*123' http://127.0.0.1:8080/auth/v1.0 +> curl -v -H 'X-Auth-User: test:auth_admin' -H 'X-Auth-Key: Redhat*123' http://127.0.0.1:8080/auth/v1.0 +**NOTE**: X-Storage-Url response header can be returned only in passive mode. <a name="config-swiftkerbauth" /> ##Configurable Parameters @@ -481,7 +483,7 @@ Set this to **"passive"** when you want to allow access to clients residing outside the domain. In this mode, authentication is performed by gleaning username and password from request headers (X-Auth-User and X-Auth-Key) and running kinit command against it. -Default value: active +Default value: passive #### realm_name This is applicable only when the auth_method=passive. This option specifies |