RETIRED, An alternative authentication system for Swift
Prashanth Pai 5d15daaab6 Don't include salt in HMAC computation
Currently, the input to HMAC function is the entire stored credential
in the format '<salt>$<hash>' but it should rather be only the hashed
key/password.

With this change, validate_creds() method is invoked and only the hash
of the password is used in HMAC computation.

Change-Id: I1a9bbcac6f49c23f3256572f148e55249a59f7ed
Signed-off-by: Prashanth Pai <ppai@redhat.com>
2016-06-07 15:12:27 +05:30
bin Add support for setting already hashed password 2016-05-24 12:08:38 +02:00
doc Add support for setting already hashed password 2016-05-24 12:08:38 +02:00
etc Allow configuring salt manually 2016-02-29 11:49:11 +05:30
swauth Don't include salt in HMAC computation 2016-06-07 15:12:27 +05:30
test Don't include salt in HMAC computation 2016-06-07 15:12:27 +05:30
webadmin Webadmin logout fix. 2015-04-23 14:53:08 +02:00
.coveragerc Change setup.py to OS one 2015-11-18 10:54:03 +01:00
.gitignore .tox directory added to .gitignore 2015-11-23 20:55:32 +01:00
.gitreview Add .gitreview file 2015-11-12 12:19:13 +01:00
.mailmap .mailmap 2015-12-13 19:13:14 +01:00
.unittests Rename of "test_swauth" to "test" fix 2015-12-13 15:40:57 +01:00
AUTHORS Release 1.1.0 2015-12-16 09:50:57 +00:00
CHANGELOG Release 1.1.0 2015-12-16 09:50:57 +00:00
CONTRIBUTING.rst Add IRC link 2015-11-25 14:16:18 +01:00
LICENSE Initial commit of original codebase, altered to work in new codebase. 2011-05-26 10:39:59 +00:00
MANIFEST.in Rename of "test_swauth" to "test" fix 2015-12-13 15:40:57 +01:00
README.md Changed Read the Docs TLD domain to .io 2016-04-28 10:14:57 +02:00
babel.cfg Initial commit of original codebase, altered to work in new codebase. 2011-05-26 10:39:59 +00:00
requirements.txt Updated from global requirements 2016-02-19 18:57:12 +00:00
setup.cfg Remove outdated locale 2016-01-31 22:15:29 +01:00
setup.py Updated from global requirements 2015-12-13 10:36:52 +00:00
test-requirements.txt Updated from global requirements 2016-05-26 17:06:34 +00:00
tox.ini Swift dependency bump to Mitaka. 2016-05-31 21:39:51 +02:00

README.md

Swauth

An Auth Service for Swift as WSGI Middleware that uses Swift itself as a backing store. Docs at: https://swauth.readthedocs.io/ or ask in #openstack-swauth on freenode IRC.

See also https://github.com/openstack/keystone for the standard OpenStack auth service.

NOTE

Be sure to review the docs at: https://swauth.readthedocs.io/

Quick Install

  1. Install Swauth with sudo python setup.py install or sudo python setup.py develop or via whatever packaging system you may be using.

  2. Alter your proxy-server.conf pipeline to have swauth instead of tempauth:

    Was:

     [pipeline:main]
     pipeline = catch_errors cache tempauth proxy-server
    

    Change To:

     [pipeline:main]
     pipeline = catch_errors cache swauth proxy-server
    
  3. Add to your proxy-server.conf the section for the Swauth WSGI filter:

     [filter:swauth]
     use = egg:swauth#swauth
     set log_name = swauth
     super_admin_key = swauthkey

  4. Be sure your proxy server allows account management:

     [app:proxy-server]
     ...
     allow_account_management = true

  5. Restart your proxy server:

     swift-init proxy reload

  6. Initialize the Swauth backing store in Swift:

     swauth-prep -K swauthkey

  7. Add an account/user:

     swauth-add-user -A http://127.0.0.1:8080/auth/ -K swauthkey -a test tester testing

  8. Ensure it works:

     swift -A http://127.0.0.1:8080/auth/v1.0 -U test:tester -K testing stat -v

Web Admin Install

  1. If you installed from packages, you'll need to cd to the webadmin directory the package installed. This is /usr/share/doc/python-swauth/webadmin with the Lucid packages. If you installed from source, you'll need to cd to the webadmin directory in the source directory.

  2. Upload the Web Admin files with the following command (the trailing "." is part of the command):

     swift -A http://127.0.0.1:8080/auth/v1.0 -U .super_admin:.super_admin -K swauthkey upload .webadmin .

  3. Open http://127.0.0.1:8080/auth/ in your browser.

Swift3 Middleware Compatibility

Swift3 middleware can be used with swauth when auth_type in swauth is configured to be Plaintext (default).

[pipeline:main]
pipeline = catch_errors cache swift3 swauth proxy-server

It can be used with auth_type set to Sha1/Sha512 too, but with certain caveats. Refer to the swift3 compatibility section in the documentation for further details.
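
The commit at the top of this page changes the HMAC key from the whole stored credential ('<salt>$<hash>') to the hash alone. The sketch below is an added example, not Swauth's code, showing both behaviours side by side; the salted SHA-1 storage construction, the base64 signature encoding, the function names and the sample request string are assumptions made for illustration.

```python
import base64
import hashlib
import hmac


def store_credential(salt: str, password: str) -> str:
    """Assumed storage scheme: '<salt>$<sha1(salt + password) as hex>'."""
    digest = hashlib.sha1((salt + password).encode()).hexdigest()
    return f"{salt}${digest}"


def sign(key: str, msg: bytes) -> str:
    """Base64-encoded HMAC-SHA1 of msg under key (encoding is an assumption)."""
    mac = hmac.new(key.encode(), msg, hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def verify_before(stored: str, msg: bytes, signature: str) -> bool:
    """Old behaviour per the commit message: key is the whole '<salt>$<hash>'."""
    return hmac.compare_digest(sign(stored, msg), signature)


def verify_after(stored: str, msg: bytes, signature: str) -> bool:
    """New behaviour: key is only the hash part of the stored credential."""
    salt, sep, hashed = stored.rpartition("$")  # hex hash never contains '$'
    if not (salt and sep and hashed):
        return False  # malformed record: fail closed
    return hmac.compare_digest(sign(hashed, msg), signature)


def demo() -> dict:
    stored = store_credential("constructed-salt", "testing")  # constructed sample
    hashed = stored.rpartition("$")[2]
    msg = b"GET\n\n\nFri, 01 Jan 2016 00:00:00 GMT\n/bucket/object"  # constructed
    return {
        "hash_key_before": verify_before(stored, msg, sign(hashed, msg)),
        "hash_key_after": verify_after(stored, msg, sign(hashed, msg)),
        "salted_key_before": verify_before(stored, msg, sign(stored, msg)),
        "plaintext_key_after": verify_after(stored, msg, sign("testing", msg)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {accepted}")
```

In this model a signature keyed with the plaintext password is rejected, because the verifier only holds the hash and cannot recompute an HMAC keyed by the original password.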