diff options
| author | Prashanth Pai <ppai@redhat.com> | 2013-12-26 14:24:19 +0530 | 
|---|---|---|
| committer | Luis Pabon <lpabon@redhat.com> | 2014-01-10 07:45:51 -0800 | 
| commit | f952c756ad024e100953a43b1f297f82b5c8f3e2 (patch) | |
| tree | f30f155a1fd1c1929370af1094cb83567b5aed81 /doc | |
| parent | 2f9e3120bbd7ef6b7459fccb5b740b6542b13c57 (diff) | |
Return X-Storage-Url in passive mode
When auth_mode is set to 'passive', client can authenticate itself
using account, user and key. This enables swiftkerbauth to return
X-Storage-Url response header to client. X-Storage-Url contains
account name provided in the request.
This required a change in X-Storage-User header format from
X-Storage-User: user
            to
X-Storage-User: account:user
This makes swiftkerbauth(passive mode) handle_get_token APIs to be
more consistent with that of swauth and tempauth.
Change-Id: Ic1d1520bb8afbc80cca443d92d659436f2f7cd0e
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/6595
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
Tested-by: Chetan Risbud <crisbud@redhat.com>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/AD_server.md | 12 | ||||
| -rw-r--r-- | doc/ipa_server.md | 12 | ||||
| -rw-r--r-- | doc/swiftkerbauth_guide.md | 6 | 
3 files changed, 28 insertions, 2 deletions
| diff --git a/doc/AD_server.md b/doc/AD_server.md index c34f0f1..66d90f2 100644 --- a/doc/AD_server.md +++ b/doc/AD_server.md @@ -98,6 +98,18 @@ On client:  <a name="users-groups" />  ###Adding users and groups +The following convention is to be followed in creating group names: + +    <reseller-prefix>\_<volume-name> + +    <reseller-prefix>\_<account-name> + +As of now, account=volume=group + +For example: + +    AUTH\_test +  Adding groups and users to the Windows domain is easy task.      - Start -> Administrative Tools -> Active Directory Users & Computers diff --git a/doc/ipa_server.md b/doc/ipa_server.md index ef12b53..55e654e 100644 --- a/doc/ipa_server.md +++ b/doc/ipa_server.md @@ -107,6 +107,18 @@ Check if reverse resolution works :  <a name="users-groups" />  ## Adding users and groups +The following convention is to be followed in creating group names: + +    <reseller-prefix>\_<volume-name> + +    <reseller-prefix>\_<account-name> + +As of now, account=volume=group + +For example: + +    AUTH\_test +  Create *auth_reseller_admin* user group  > ipa group-add auth_reseller_admin --desc="Full access to all Swift accounts" diff --git a/doc/swiftkerbauth_guide.md b/doc/swiftkerbauth_guide.md index e18c7ef..12845a6 100644 --- a/doc/swiftkerbauth_guide.md +++ b/doc/swiftkerbauth_guide.md @@ -103,6 +103,7 @@ Edit */etc/swift/proxy-server.conf* and add a new filter section as follows:      [filter:kerbauth]      use = egg:swiftkerbauth#kerbauth      ext_authentication_url = http://client.rhelbox.com/cgi-bin/swift-auth +    auth_mode=passive  Add kerbauth to pipeline @@ -438,8 +439,9 @@ The --negotiate option is for curl to perform Kerberos authentication and  #### Get an authentication token when auth_mode=passive: -> curl -v -H 'X-Auth-User: auth_admin' -H 'X-Auth-Key: Redhat*123' http://127.0.0.1:8080/auth/v1.0 +> curl -v -H 'X-Auth-User: test:auth_admin' -H 'X-Auth-Key: Redhat*123' http://127.0.0.1:8080/auth/v1.0 +**NOTE**: X-Storage-Url response header can be returned only in passive mode.  <a name="config-swiftkerbauth" />  ##Configurable Parameters @@ -481,7 +483,7 @@ Set this to **"passive"** when you want to allow access to clients residing  outside the domain. In this mode, authentication is performed by gleaning  username and password from request headers (X-Auth-User and X-Auth-Key) and  running kinit command against it.    -Default value: active +Default value: passive  #### realm_name  This is applicable only when the auth_method=passive. This option specifies | 
