Chapter 13. Authentication and Authorization

Amanda Plimpton

Jon Solera

As you install and configure your cluster, you will probably need to integrate it with authentication and authorization systems. The OpenStack projects, including Swift, use a token-based protocol for both authentication and authorization. Authentication and authorization services are collectively referred to as auth. To authenticate, the user provides credential information such as a username and password over HTTPS (or perhaps HTTP in the case of an insecure experimental cluster), and if the credentials are valid, the user receives a token that can be sent with future requests as verification of her authentication.
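The token exchange described above, sketched as an added example that is not from the book: a client-side helper that refuses to send credentials or tokens over plain HTTP unless explicitly allowed. It assumes Swift's v1-style auth headers (`X-Auth-User`, `X-Auth-Key`, `X-Auth-Token`, `X-Storage-Url`), which this excerpt does not show; the host, account, and token values are constructed.

```python
from urllib.parse import urlsplit

class InsecureEndpoint(ValueError):
    """Raised when a credential or token would travel over plaintext HTTP."""

def _require_tls(url, allow_insecure):
    scheme = urlsplit(url).scheme
    if scheme == "https" or (allow_insecure and scheme == "http"):
        return url
    raise InsecureEndpoint(f"refusing to use non-HTTPS endpoint {url!r}")

def build_auth_request(auth_url, user, key, allow_insecure=False):
    """Step 1: return (url, headers) for the credential-bearing auth request."""
    return _require_tls(auth_url, allow_insecure), {
        "X-Auth-User": user,   # assumed v1-style header names
        "X-Auth-Key": key,
    }

def parse_auth_response(status, headers, allow_insecure=False):
    """Step 2: pull the token and storage URL out of the auth response."""
    if status // 100 != 2:
        raise PermissionError(f"authentication failed with HTTP {status}")
    lowered = {k.lower(): v for k, v in headers.items()}  # headers are case-insensitive
    try:
        token, storage_url = lowered["x-auth-token"], lowered["x-storage-url"]
    except KeyError as exc:
        raise ValueError(f"auth response missing header {exc}") from None
    # The token is a bearer credential: anyone who sees it can replay it,
    # so the storage endpoint needs TLS just as much as the auth endpoint.
    return token, _require_tls(storage_url, allow_insecure)

def storage_request_headers(token):
    """Step 3: every later request presents the token instead of the password."""
    return {"X-Auth-Token": token}

# Constructed sample response (not captured from a real cluster).
SAMPLE_STATUS = 200
SAMPLE_HEADERS = {
    "X-Auth-Token": "AUTH_tk_constructed_example",
    "X-Storage-Url": "https://swift.example.com/v1/AUTH_test",
}

if __name__ == "__main__":
    url, hdrs = build_auth_request("https://swift.example.com/auth/v1.0",
                                   "test:tester", "testing")
    token, storage = parse_auth_response(SAMPLE_STATUS, SAMPLE_HEADERS)
    print("GET", storage, storage_request_headers(token))
```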

In this chapter, we will start by examining how authentication works with Swift. Then we’ll cover authorization, which uses previously generated authentication information to determine what you’re allowed to do. We will also look at access control lists (ACLs), which let you grant access to individual containers or entire accounts. After this overview you will learn about some of the readily available auth services. Some of these are preloaded with Swift while others can be added through third-party middleware. In the final section, we explore access control in more detail.

Authentication

Swift does not require a specific default auth service. Instead, it allows administrators to plug one or more auth services into its framework. This flexibility lets you choose auth middleware components that meet your ...
