swauth

RETIRED, An alternative authentication system for Swift

Go to file

Ondřej Nový 5c76099efd More authtypes validation checks Change-Id: I47e139dc100333e2befc362196ede1b238ee0588		2016-05-31 20:42:16 +02:00
bin	Add support for setting already hashed password	2016-05-24 12:08:38 +02:00
doc	Add support for setting already hashed password	2016-05-24 12:08:38 +02:00
etc	Allow configuring salt manually	2016-02-29 11:49:11 +05:30
swauth	More authtypes validation checks	2016-05-31 20:42:16 +02:00
test	More authtypes validation checks	2016-05-31 20:42:16 +02:00
webadmin	Webadmin logout fix.	2015-04-23 14:53:08 +02:00
.coveragerc	Change setup.py to OS one	2015-11-18 10:54:03 +01:00
.gitignore	.tox directory added to .gitignore	2015-11-23 20:55:32 +01:00
.gitreview	Add .gitreview file	2015-11-12 12:19:13 +01:00
.mailmap	.mailmap	2015-12-13 19:13:14 +01:00
.unittests	Rename of "test_swauth" to "test" fix	2015-12-13 15:40:57 +01:00
AUTHORS	Release 1.1.0	2015-12-16 09:50:57 +00:00
CHANGELOG	Release 1.1.0	2015-12-16 09:50:57 +00:00
CONTRIBUTING.rst	Add IRC link	2015-11-25 14:16:18 +01:00
LICENSE	Initial commit of original codebase, altered to work in new codebase.	2011-05-26 10:39:59 +00:00
MANIFEST.in	Rename of "test_swauth" to "test" fix	2015-12-13 15:40:57 +01:00
README.md	Changed Read the Docs TLD domain to .io	2016-04-28 10:14:57 +02:00
babel.cfg	Initial commit of original codebase, altered to work in new codebase.	2011-05-26 10:39:59 +00:00
requirements.txt	Updated from global requirements	2016-02-19 18:57:12 +00:00
setup.cfg	Remove outdated locale	2016-01-31 22:15:29 +01:00
setup.py	Updated from global requirements	2015-12-13 10:36:52 +00:00
test-requirements.txt	Updated from global requirements	2016-04-08 13:29:58 +00:00
tox.ini	Fixed E127 and E131 hacking.	2016-02-14 14:27:33 +01:00

README.md

Swauth

An Auth Service for Swift as WSGI Middleware that uses Swift itself as a backing store. Docs at: https://swauth.readthedocs.io/ or ask in #openstack-swauth on freenode IRC.

See also https://github.com/openstack/keystone for the standard OpenStack auth service.

NOTE

Be sure to review the docs at: https://swauth.readthedocs.io/

Quick Install

Install Swauth with sudo python setup.py install or sudo python setup.py develop or via whatever packaging system you may be using.

Alter your proxy-server.conf pipeline to have swauth instead of tempauth:

Was:

 [pipeline:main]
 pipeline = catch_errors cache tempauth proxy-server

Change To:

 [pipeline:main]
 pipeline = catch_errors cache swauth proxy-server

Add to your proxy-server.conf the section for the Swauth WSGI filter:

[filter:swauth] use = egg:swauth#swauth set log_name = swauth super_admin_key = swauthkey
Be sure your proxy server allows account management:

[app:proxy-server] ... allow_account_management = true
Restart your proxy server swift-init proxy reload
Initialize the Swauth backing store in Swift swauth-prep -K swauthkey
Add an account/user swauth-add-user -A http://127.0.0.1:8080/auth/ -K swauthkey -a test tester testing
Ensure it works swift -A http://127.0.0.1:8080/auth/v1.0 -U test:tester -K testing stat -v

Web Admin Install

If you installed from packages, you'll need to cd to the webadmin directory the package installed. This is /usr/share/doc/python-swauth/webadmin with the Lucid packages. If you installed from source, you'll need to cd to the webadmin directory in the source directory.
Upload the Web Admin files with swift -A http://127.0.0.1:8080/auth/v1.0 -U .super_admin:.super_admin -K swauthkey upload .webadmin .
Open http://127.0.0.1:8080/auth/ in your browser.

Swift3 Middleware Compatibility

Swift3 middleware can be used with swauth when auth_type in swauth is configured to be Plaintext (default).

[pipeline:main]
pipeline = catch_errors cache swift3 swauth proxy-server

It can be used with auth_type set to Sha1/Sha512 too but with certain caveats. Refer to swift3 compatibility section in documentation for further details