From f952c756ad024e100953a43b1f297f82b5c8f3e2 Mon Sep 17 00:00:00 2001 From: Prashanth Pai Date: Thu, 26 Dec 2013 14:24:19 +0530 Subject: Return X-Storage-Url in passive mode When auth_mode is set to 'passive', client can authenticate itself using account, user and key. This enables swiftkerbauth to return X-Storage-Url response header to client. X-Storage-Url contains account name provided in the request. This required a change in X-Storage-User header format from X-Storage-User: user to X-Storage-User: account:user This makes swiftkerbauth(passive mode) handle_get_token APIs to be more consistent with that of swauth and tempauth. Change-Id: Ic1d1520bb8afbc80cca443d92d659436f2f7cd0e Signed-off-by: Prashanth Pai Reviewed-on: http://review.gluster.org/6595 Reviewed-by: Chetan Risbud Tested-by: Chetan Risbud --- doc/swiftkerbauth_guide.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'doc/swiftkerbauth_guide.md') diff --git a/doc/swiftkerbauth_guide.md b/doc/swiftkerbauth_guide.md index e18c7ef..12845a6 100644 --- a/doc/swiftkerbauth_guide.md +++ b/doc/swiftkerbauth_guide.md @@ -103,6 +103,7 @@ Edit */etc/swift/proxy-server.conf* and add a new filter section as follows: [filter:kerbauth] use = egg:swiftkerbauth#kerbauth ext_authentication_url = http://client.rhelbox.com/cgi-bin/swift-auth + auth_mode=passive Add kerbauth to pipeline @@ -438,8 +439,9 @@ The --negotiate option is for curl to perform Kerberos authentication and #### Get an authentication token when auth_mode=passive: -> curl -v -H 'X-Auth-User: auth_admin' -H 'X-Auth-Key: Redhat*123' http://127.0.0.1:8080/auth/v1.0 +> curl -v -H 'X-Auth-User: test:auth_admin' -H 'X-Auth-Key: Redhat*123' http://127.0.0.1:8080/auth/v1.0 +**NOTE**: X-Storage-Url response header can be returned only in passive mode. ##Configurable Parameters 
@@ -481,7 +483,7 @@ Set this to **"passive"** when you want to allow access to clients residing outside the domain. In this mode, authentication is performed by gleaning username and password from request headers (X-Auth-User and X-Auth-Key) and running kinit command against it. -Default value: active +Default value: passive #### realm_name This is applicable only when the auth_method=passive. This option specifies -- cgit
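Review bot: In the `[filter:kerbauth]` hunk (@@ -103), the added line `auth_mode=passive` has no spaces around `=`, while the lines next to it use the `use = egg:swiftkerbauth#kerbauth` style; write `auth_mode = passive` to match. The last hunk documents passive as the default value, so this line is redundant in the sample section unless the guide wants it explicit, and if it stays, a one-line comment saying that passive mode takes credentials from the X-Auth-User and X-Auth-Key headers would help readers who copy the section as is.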
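Review bot: The curl example in the passive-mode hunk (@@ -438) changes `X-Auth-User` from `auth_admin` to `test:auth_admin`, but the commit message describes the format change as `X-Storage-User: user` to `X-Storage-User: account:user`, so one of the two header names is wrong, and the guide itself never states that the value is now `account:user`. Suggest spelling out the format next to the example, saying that `test` is the account name that ends up in X-Storage-Url, and noting whether the old user-only form is still accepted, since existing clients following the previous version of this guide would send it.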
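Review bot: The `Default value` line in the auth_mode hunk (@@ -481) flips from active to passive, but the commit message says nothing about a default change and the diff shown is limited to doc/swiftkerbauth_guide.md, so it cannot be checked against the code here; please confirm the code default and mention it in the commit message. Passive mode reads a username and password from X-Auth-User and X-Auth-Key and runs kinit with them, so if it is now the default the guide should say that these headers carry credentials and that the auth endpoint needs TLS when clients connect from outside the domain. The context line under `#### realm_name` also says `auth_method=passive` where the option is named `auth_mode`, which is worth fixing in the same change.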