swauth

RETIRED, An alternative authentication system for Swift

Go to file

Jenkins 19f9beeb9d Merge "Fix changing of auth_type in existing deployments"		2016-03-08 10:26:55 +00:00
bin	use standard library json instead of simplejson	2015-11-23 12:13:07 +01:00
doc	Document swift3 compatibility	2016-02-26 15:10:42 +05:30
etc	Allow configuring salt manually	2016-02-29 11:49:11 +05:30
swauth	Merge "Fix changing of auth_type in existing deployments"	2016-03-08 10:26:55 +00:00
test	Merge "Fix changing of auth_type in existing deployments"	2016-03-08 10:26:55 +00:00
webadmin	Webadmin logout fix.	2015-04-23 14:53:08 +02:00
.coveragerc	Change setup.py to OS one	2015-11-18 10:54:03 +01:00
.gitignore	.tox directory added to .gitignore	2015-11-23 20:55:32 +01:00
.gitreview	Add .gitreview file	2015-11-12 12:19:13 +01:00
.mailmap	.mailmap	2015-12-13 19:13:14 +01:00
.unittests	Rename of "test_swauth" to "test" fix	2015-12-13 15:40:57 +01:00
AUTHORS	Release 1.1.0	2015-12-16 09:50:57 +00:00
CHANGELOG	Release 1.1.0	2015-12-16 09:50:57 +00:00
CONTRIBUTING.rst	Add IRC link	2015-11-25 14:16:18 +01:00
LICENSE	Initial commit of original codebase, altered to work in new codebase.	2011-05-26 10:39:59 +00:00
MANIFEST.in	Rename of "test_swauth" to "test" fix	2015-12-13 15:40:57 +01:00
README.md	Document swift3 compatibility	2016-02-26 15:10:42 +05:30
babel.cfg	Initial commit of original codebase, altered to work in new codebase.	2011-05-26 10:39:59 +00:00
requirements.txt	Updated from global requirements	2016-02-19 18:57:12 +00:00
setup.cfg	Remove outdated locale	2016-01-31 22:15:29 +01:00
setup.py	Updated from global requirements	2015-12-13 10:36:52 +00:00
test-requirements.txt	Updated from global requirements	2016-01-28 01:32:19 +00:00
tox.ini	Fixed E127 and E131 hacking.	2016-02-14 14:27:33 +01:00

README.md

Swauth

An Auth Service for Swift as WSGI Middleware that uses Swift itself as a backing store. Docs at: http://swauth.readthedocs.org/ or ask in #openstack-swauth on freenode IRC.

See also https://github.com/openstack/keystone for the standard OpenStack auth service.

NOTE

Be sure to review the docs at: http://swauth.readthedocs.org/

Quick Install

Install Swauth with sudo python setup.py install or sudo python setup.py develop or via whatever packaging system you may be using.

Alter your proxy-server.conf pipeline to have swauth instead of tempauth:

Was:

 [pipeline:main]
 pipeline = catch_errors cache tempauth proxy-server

Change To:

 [pipeline:main]
 pipeline = catch_errors cache swauth proxy-server

Add to your proxy-server.conf the section for the Swauth WSGI filter:

[filter:swauth] use = egg:swauth#swauth set log_name = swauth super_admin_key = swauthkey
Be sure your proxy server allows account management:

[app:proxy-server] ... allow_account_management = true
Restart your proxy server swift-init proxy reload
Initialize the Swauth backing store in Swift swauth-prep -K swauthkey
Add an account/user swauth-add-user -A http://127.0.0.1:8080/auth/ -K swauthkey -a test tester testing
Ensure it works swift -A http://127.0.0.1:8080/auth/v1.0 -U test:tester -K testing stat -v

Web Admin Install

If you installed from packages, you'll need to cd to the webadmin directory the package installed. This is /usr/share/doc/python-swauth/webadmin with the Lucid packages. If you installed from source, you'll need to cd to the webadmin directory in the source directory.
Upload the Web Admin files with swift -A http://127.0.0.1:8080/auth/v1.0 -U .super_admin:.super_admin -K swauthkey upload .webadmin .
Open http://127.0.0.1:8080/auth/ in your browser.

Swift3 Middleware Compatibility

Swift3 middleware can be used with swauth when auth_type in swauth is configured to be Plaintext (default).

[pipeline:main]
pipeline = catch_errors cache swift3 swauth proxy-server

It can be used with auth_type set to Sha1/Sha512 too but with certain caveats. Refer to swift3 compatibility section in documentation for further details