diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/AD_server.md | 12 | ||||
-rw-r--r-- | doc/ipa_server.md | 12 | ||||
-rw-r--r-- | doc/swiftkerbauth_guide.md | 6 |
3 files changed, 28 insertions, 2 deletions
diff --git a/doc/AD_server.md b/doc/AD_server.md index c34f0f1..66d90f2 100644 --- a/doc/AD_server.md +++ b/doc/AD_server.md @@ -98,6 +98,18 @@ On client: <a name="users-groups" /> ###Adding users and groups +The following convention is to be followed in creating group names: + + <reseller-prefix>\_<volume-name> + + <reseller-prefix>\_<account-name> + +As of now, account=volume=group + +For example: + + AUTH\_test + Adding groups and users to the Windows domain is easy task. - Start -> Administrative Tools -> Active Directory Users & Computers diff --git a/doc/ipa_server.md b/doc/ipa_server.md index ef12b53..55e654e 100644 --- a/doc/ipa_server.md +++ b/doc/ipa_server.md @@ -107,6 +107,18 @@ Check if reverse resolution works : <a name="users-groups" /> ## Adding users and groups +The following convention is to be followed in creating group names: + + <reseller-prefix>\_<volume-name> + + <reseller-prefix>\_<account-name> + +As of now, account=volume=group + +For example: + + AUTH\_test + Create *auth_reseller_admin* user group > ipa group-add auth_reseller_admin --desc="Full access to all Swift accounts" diff --git a/doc/swiftkerbauth_guide.md b/doc/swiftkerbauth_guide.md index e18c7ef..12845a6 100644 --- a/doc/swiftkerbauth_guide.md +++ b/doc/swiftkerbauth_guide.md @@ -103,6 +103,7 @@ Edit */etc/swift/proxy-server.conf* and add a new filter section as follows: [filter:kerbauth] use = egg:swiftkerbauth#kerbauth ext_authentication_url = http://client.rhelbox.com/cgi-bin/swift-auth + auth_mode=passive Add kerbauth to pipeline @@ -438,8 +439,9 @@ The --negotiate option is for curl to perform Kerberos authentication and #### Get an authentication token when auth_mode=passive: -> curl -v -H 'X-Auth-User: auth_admin' -H 'X-Auth-Key: Redhat*123' http://127.0.0.1:8080/auth/v1.0 +> curl -v -H 'X-Auth-User: test:auth_admin' -H 'X-Auth-Key: Redhat*123' http://127.0.0.1:8080/auth/v1.0 +**NOTE**: X-Storage-Url response header can be returned only in passive mode. <a name="config-swiftkerbauth" /> ##Configurable Parameters @@ -481,7 +483,7 @@ Set this to **"passive"** when you want to allow access to clients residing outside the domain. In this mode, authentication is performed by gleaning username and password from request headers (X-Auth-User and X-Auth-Key) and running kinit command against it. -Default value: active +Default value: passive #### realm_name This is applicable only when the auth_method=passive. This option specifies |