Updated docs.

doc/source/development_auth.rst

@@ -6,10 +6,13 @@ Auth Server and Middleware
 Creating Your Own Auth Server and Middleware
 --------------------------------------------
 
-The included swift/common/middleware/auth.py is a good minimal example of how
-to create auth middleware. The main points are that the auth middleware can
-reject requests up front, before they ever get to the Swift Proxy application,
-and afterwards when the proxy issues callbacks to verify authorization.
+The included swift/auth/server.py and swift/common/middleware/auth.py are good
+minimal examples of how to create an external auth server and proxy server auth
+middleware. Also, see the `Swauth <https://launchpad.net/swauth>`_ project for
+a more complete implementation. The main points are that the auth middleware
+can reject requests up front, before they ever get to the Swift Proxy
+application, and afterwards when the proxy issues callbacks to verify
+authorization.
 
 It's generally good to separate the authentication and authorization
 procedures. Authentication verifies that a request actually comes from who it

doc/source/howto_cyberduck.rst

@@ -90,26 +90,43 @@ Installing Swift For Use With Cyberduck
 
 #.  Example proxy-server config::
 
-        [proxy-server]
-        bind_port = 8080
-        user = swift
+        [DEFAULT]
         cert_file = /etc/swift/cert.crt
         key_file = /etc/swift/cert.key
-
-        [auth-server]
+        
+        [pipeline:main]
+        pipeline = healthcheck cache auth proxy-server
+        
+        [app:proxy-server]
+        use = egg:swift#proxy
+        
+        [filter:auth]
+        use = egg:swift#auth
         ssl = true
+        
+        [filter:healthcheck]
+        use = egg:swift#healthcheck
+        
+        [filter:cache]
+        use = egg:swift#memcache
 
 #.  Example auth-server config::
 
-        [auth-server]
-        default_cluster_url = https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1
-        user = swift
+        [DEFAULT]
         cert_file = /etc/swift/cert.crt
         key_file = /etc/swift/cert.key
+        
+        [pipeline:main]
+        pipeline = auth-server
+        
+        [app:auth-server]
+        use = egg:swift#auth
+        super_admin_key = devauth
+        default_cluster_url = https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1
 
 #.  Use swift-auth-add-user to create a new account and admin user::
 
-        ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ swift-auth-add-user --admin a3 b3 c3
+        ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ swift-auth-add-user -K devauth -a a3 b3 c3
         https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1/06228ccf-6d0a-4395-889e-e971e8de8781
 
     .. note::

swift/auth/server.py

@@ -337,6 +337,10 @@ class AuthController(object):
         return rv
 
     def is_account_admin(self, request, for_account):
+        """
+        Returns True if the request represents coming from .super_admin, a
+        .reseller_admin, or an admin for the account specified.
+        """
         if request.headers.get('X-Auth-Admin-User') == '.super_admin' and \
                request.headers.get('X-Auth-Admin-Key') == self.super_admin_key:
             return True