summaryrefslogtreecommitdiffstats
path: root/doc
Commit message (Collapse)AuthorAgeFilesLines
* Return X-Storage-Url in passive modePrashanth Pai2014-01-103-2/+28
| | | | | | | | | | | | | | | | | | | | | | When auth_mode is set to 'passive', client can authenticate itself using account, user and key. This enables swiftkerbauth to return X-Storage-Url response header to client. X-Storage-Url contains account name provided in the request. This required a change in X-Storage-User header format from X-Storage-User: user to X-Storage-User: account:user This makes swiftkerbauth(passive mode) handle_get_token APIs to be more consistent with that of swauth and tempauth. Change-Id: Ic1d1520bb8afbc80cca443d92d659436f2f7cd0e Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6595 Reviewed-by: Chetan Risbud <crisbud@redhat.com> Tested-by: Chetan Risbud <crisbud@redhat.com>
* Additional Parameters to create keytab fileChetan Risbud2013-12-041-1/+2
| | | | | | | | | | | | | | | | | Minor changes to explicitly set keyversion number as 0 and encryption method while creating keytab file on Windows AD server. This has been noticed on different windows 2008 server that they set different kvno by default. So just making sure it to be 0 as expected by mod_auth_kerb. Bug: N/A Change-Id: Ic114e4964745abfe97fbfcd575b5205bd6aaf171 Signed-off-by: Chetan Risbud <crisbud@redhat.com> Reviewed-on: http://review.gluster.org/6370 Reviewed-by: Prashanth Pai <ppai@redhat.com> Tested-by: Prashanth Pai <ppai@redhat.com> Reviewed-by: Luis Pabon <lpabon@redhat.com>
* Feature: Support client outside domainPrashanth Pai2013-11-251-0/+53
| | | | | | | | | | | | | | | | | | | | | Until now, all clients had to be part of Kerberos domain as authentication was done by mod_auth_kerb module of httpd by using Kerberos Ticket bundled with the request. To suport clients residing outside domain, we introduce a configurable option called "auth_mode". When auth_mode is set to 'passive', a client residing outside domain can authenticate itself by sending username(X-Auth-User) and password(X-Auth-Key) as request headers. This information is gleaned from the request and kinit is run against it. A successful kinit means the username and password exists on the Kerberos server. Change-Id: I1a165bd56bc3a425b00bcfdbf32150c14b5d9790 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6296 Reviewed-by: Chetan Risbud <crisbud@redhat.com> Tested-by: Chetan Risbud <crisbud@redhat.com> Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Modularize swift-auth CGI script, add unit testsPrashanth Pai2013-11-171-4/+3
| | | | | | | | | | | | | | | - Moved most of swift-auth CGI script to kerbauth_utils.py - Added unit tests for kerbauth_utils.py - Made MEMCACHE_SERVERS, DEBUG_HEADERS, TOKEN_LIFE as configurable parameters Change-Id: I2e9e9823e8aa99dc2cf41327c55428350c8768dc Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6248 Tested-by: Chetan Risbud <crisbud@redhat.com> Reviewed-by: Chetan Risbud <crisbud@redhat.com> Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Add Windows AD documentationPrashanth Pai2013-10-173-0/+321
| | | | | | | | | | | | Added documentation to setup swiftkerbauth environment with Windows Active Directory Server and Linux client Change-Id: I18333428c633b23fd15afc8965266d546f0bb03b Original-author: Chetan Risbud <crisbud@redhat.com> Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6041 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Add documentationPrashanth Pai2013-10-165-299/+747
| | | | | | | | | | | | | The following guides were added: * Setting up a RHEL 6.x IdM server with a Fedora 18 client * Setting up and configuring swiftkerbauth * Architecture of Swiftkerbauth Change-Id: I50665e584ff9513b5a20d1eda546c73c93f14638 Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/6040 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
* Minor swiftkerbauth changesPrashanth Pai2013-09-231-0/+299
* Replaced python-webob with swift.common.swob * Use swift memcached instead of python memcached * Added optional debugging headers to swift-auth script * Swiftkerbauth and Apachekerbauth are now a single RPM * Updates to httpd conf file to specify Kerberos principal * Added setupy.py, makerpm.sh, .gitignore and MANIFEST.in * RPM is now generated by bdist_rpm using setup.py and not from spec files TODO -> Documentation changes in doc/ * Steps to setup kerberos environment * Swiftkerbauth usage and examples -> Testing swiftkerbauth * Investigate borrowing tests from tempauth.py and its dependencies * Write a python client script to test swiftkerbauth Signed-off-by: Prashanth Pai <ppai@redhat.com>
generated by cgit (git 2.34.1) at 2024-04-19 22:43:06 +0000