Ondřej Nový 9b27778987 Changed Read the Docs TLD domain to .io
This change was requested from Read the Docs for security reasons

Change-Id: Ide2e42c64bd60b713eedd641f8b91b2dab50a880
2016-04-28 10:14:57 +02:00

2.5 KiB


An Auth Service for Swift as WSGI Middleware that uses Swift itself as a backing store. Docs at: https://swauth.readthedocs.io/ or ask in #openstack-swauth on freenode IRC.

See also https://github.com/openstack/keystone for the standard OpenStack auth service.


Be sure to review the docs at: https://swauth.readthedocs.io/

Quick Install

  1. Install Swauth with sudo python setup.py install or sudo python setup.py develop or via whatever packaging system you may be using.

  2. Alter your proxy-server.conf pipeline to have swauth instead of tempauth:


     pipeline = catch_errors cache tempauth proxy-server

    Change To:

     pipeline = catch_errors cache swauth proxy-server
  3. Add to your proxy-server.conf the section for the Swauth WSGI filter:

    [filter:swauth] use = egg:swauth#swauth set log_name = swauth super_admin_key = swauthkey

  4. Be sure your proxy server allows account management:

    [app:proxy-server] ... allow_account_management = true

  5. Restart your proxy server swift-init proxy reload

  6. Initialize the Swauth backing store in Swift swauth-prep -K swauthkey

  7. Add an account/user swauth-add-user -A -K swauthkey -a test tester testing

  8. Ensure it works swift -A -U test:tester -K testing stat -v

Web Admin Install

  1. If you installed from packages, you'll need to cd to the webadmin directory the package installed. This is /usr/share/doc/python-swauth/webadmin with the Lucid packages. If you installed from source, you'll need to cd to the webadmin directory in the source directory.

  2. Upload the Web Admin files with swift -A -U .super_admin:.super_admin -K swauthkey upload .webadmin .

  3. Open in your browser.

Swift3 Middleware Compatibility

Swift3 middleware can be used with swauth when auth_type in swauth is configured to be Plaintext (default).

pipeline = catch_errors cache swift3 swauth proxy-server

It can be used with auth_type set to Sha1/Sha512 too but with certain caveats. Refer to swift3 compatibility section in documentation for further details