devAuth 是swift原生的认证中间层,
Swauth是为了解决devAuth不能扩展的问题而开发的替代方案。
Quick Install
#git clone
https://github.com/gholt/swauth.git
1) Install Swauth with sudo or
python setup.py
installsudo or via
python setup.py develop
whatever packaging system you may be using.
2) Alter your proxy-server.conf pipeline to have swauth instead of
tempauth:
Was::
[pipeline:main]
pipeline = catch_errors cache tempauth proxy-server
Change To::
[pipeline:main]
pipeline = catch_errors cache swauth proxy-server
3) Add to your proxy-server.conf the section for the Swauth WSGI filter::
[filter:swauth]
use = egg:swauth#swauth
set log_name = whatever super_admin_key = password
4) Restart your proxy server swift-init proxy reload
5) Initialize the Swauth backing store in Swift swauth-prep -K password -A https://127.0.0.1/auth/
6) Add an account/user swauth-add-user -A https://127.0.0.1/auth/ -K password -a test tester testing
7) Ensure it works swift -A https://127.0.0.1/auth/v1.0 -U test:tester -K testing stat -v
Web Admin Install
1) If you installed from packages, you'll need to cd to the webadmin directory the package installed. This is /usr/share/doc/python-swauth/webadminwith the Lucid packages. If you installed from source, you'll need to cd to the webadmin directory in the source directory.
# cd /usr/src/lyq/gholt-swauth-69fd700/webadmin
2) Upload the Web Admin files with swift -A https://127.0.0.1/auth/v1.0 -U .super_admin:.super_admin -K password upload .webadmin .
3) Open https://192.168.1.70/auth/ in your browser.
and Input user: .super_admin key: password
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
My proxy-sever.conf
[DEFAULT]
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
bind_port = 443
user = root
log_facility = LOG_LOCAL1
[pipeline:main]
pipeline =
healthcheck cache swauth proxy-server
[app:proxy-server]
use =
egg:swift#proxy
allow_account_management =
true
[filter:swauth]
use =
egg:swauth#swauth
default_swift_cluster =
local#https://192.168.1.70:443/v1#https://127.0.0.1:443/v1
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
set log_name = root
super_admin_key = password
[filter:healthcheck]
use =
egg:swift#healthcheck
[filter:cache]
use =
egg:swift#memcache
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Hidden configuration options
Mac
Type the defaults command given in a Terminal.app (in /Applications/Utilities) window and restart Cyberduck.
defaults write ch.sudo.cyberduck <property> <value>
Windows
Quit Cyberduck if it is currently running before editing any configuration file. You need to add the setting to AppData\Cyberduck.exe_Url_*\[Version]\user.config as follows:
...
<setting name="CdSettings" serializeAs="Xml">
<value>
<settings>
<setting name="[property]" value="[value]" />
...
</settings>
</value>
</setting>
C:\Users\Gurad\AppData\Roaming\Cyberduck\Cyberduck.exe_Url_2lo40rrsb1ocwd4jaezr0bb42ppyulnb\4.0.2.8601
<setting name="cf.authentication.context "value="/auth/v1.0" />
Authentication Context Path ?
Authentication with devauth
No configuration change should be needed.
Authentication with swauth
To change the context of the URL from the default /v1.0, use the hidden configuration option defaults write ch.sudo.cyberduck cf.authentication.context <string>.
defaults write ch.sudo.cyberduck cf.authentication.context /auth/v1.0