swauth

x/swauth

RETIRED, An alternative authentication system for Swift

Go to file

Jenkins 15745ad0c6 Merge "Don't ignore logger exception"		2016-11-08 11:34:34 +00:00
bin	Add support for setting already hashed password	2016-05-24 12:08:38 +02:00
doc	s3: Make s3 support configurable	2016-07-28 23:07:35 +05:30
etc	Allow configuring salt manually	2016-02-29 11:49:11 +05:30
swauth	Don't ignore logger exception	2016-10-29 15:14:29 +02:00
test	s3: Make s3 support configurable	2016-07-28 23:07:35 +05:30
webadmin	Webadmin logout fix.	2015-04-23 14:53:08 +02:00
.coveragerc	Change setup.py to OS one	2015-11-18 10:54:03 +01:00
.gitignore	.tox directory added to .gitignore	2015-11-23 20:55:32 +01:00
.gitreview	Add .gitreview file	2015-11-12 12:19:13 +01:00
.mailmap	.mailmap	2015-12-13 19:13:14 +01:00
.unittests	Rename of "test_swauth" to "test" fix	2015-12-13 15:40:57 +01:00
AUTHORS	Release 1.2.0	2016-09-22 13:36:42 +02:00
babel.cfg	Initial commit of original codebase, altered to work in new codebase.	2011-05-26 10:39:59 +00:00
CHANGELOG	Release 1.2.0	2016-09-22 13:36:42 +02:00
CONTRIBUTING.rst	Add IRC link	2015-11-25 14:16:18 +01:00
LICENSE	Initial commit of original codebase, altered to work in new codebase.	2011-05-26 10:39:59 +00:00
MANIFEST.in	Rename of "test_swauth" to "test" fix	2015-12-13 15:40:57 +01:00
README.md	s3: Make s3 support configurable	2016-07-28 23:07:35 +05:30
requirements.txt	Updated from global requirements	2016-02-19 18:57:12 +00:00
setup.cfg	Remove outdated locale	2016-01-31 22:15:29 +01:00
setup.py	Updated from global requirements	2015-12-13 10:36:52 +00:00
test-requirements.txt	Added Bandit	2016-10-17 21:00:30 +02:00
tox.ini	Merge "Don't ignore logger exception"	2016-11-08 11:34:34 +00:00

README.md

Swauth

An Auth Service for Swift as WSGI Middleware that uses Swift itself as a backing store. Docs at: https://swauth.readthedocs.io/ or ask in #openstack-swauth on freenode IRC.

See also https://github.com/openstack/keystone for the standard OpenStack auth service.

NOTE

Be sure to review the docs at: https://swauth.readthedocs.io/

Quick Install

Install Swauth with sudo python setup.py install or sudo python setup.py develop or via whatever packaging system you may be using.

Alter your proxy-server.conf pipeline to have swauth instead of tempauth:

Was:

 [pipeline:main]
 pipeline = catch_errors cache tempauth proxy-server

Change To:

 [pipeline:main]
 pipeline = catch_errors cache swauth proxy-server

Add to your proxy-server.conf the section for the Swauth WSGI filter:

[filter:swauth] use = egg:swauth#swauth set log_name = swauth super_admin_key = swauthkey
Be sure your proxy server allows account management:

[app:proxy-server] ... allow_account_management = true
Restart your proxy server swift-init proxy reload
Initialize the Swauth backing store in Swift swauth-prep -K swauthkey
Add an account/user swauth-add-user -A http://127.0.0.1:8080/auth/ -K swauthkey -a test tester testing
Ensure it works swift -A http://127.0.0.1:8080/auth/v1.0 -U test:tester -K testing stat -v

Web Admin Install

If you installed from packages, you'll need to cd to the webadmin directory the package installed. This is /usr/share/doc/python-swauth/webadmin with the Lucid packages. If you installed from source, you'll need to cd to the webadmin directory in the source directory.
Upload the Web Admin files with swift -A http://127.0.0.1:8080/auth/v1.0 -U .super_admin:.super_admin -K swauthkey upload .webadmin .
Open http://127.0.0.1:8080/auth/ in your browser.

Swift3 Middleware Compatibility

Swift3 middleware can be used with swauth when auth_type in swauth is configured to be Plaintext (default).

[pipeline:main]
pipeline = catch_errors cache swift3 swauth proxy-server

It can be used with auth_type set to Sha1/Sha512 too but with certain caveats and security concern. Hence, s3 support is disabled by default and you have to explicitly enable it in your configuration. Refer to swift3 compatibility section in documentation for further details