
tempauth – A lightweight Authentication method in OpenStack

 

Although Keystone is the default and widely used Identity service that provides authentication (and authorization, which is out of scope in this note) for OpenStack services and users, tempauth is a lightweight, toy approach to the same purpose in OpenStack that at times comes in handy. For example, figure 1 shows tempauth being used with the Swift proxy server for authentication.

In this post, I will rephrase some details of tempauth.

 


Fig1: tempauth used in Swift

 


Fig2: tempauth credential

 

Figure 2, an excerpt of the paste deployment configuration file, shows the credentials (username, password, roles) for users.

 

For example, in fig. 2 the first highlighted box, admin_admin, means a user named admin:admin with password admin and roles admin and reseller_admin.

 

Similarly, the second line shows an entry for user ‘test:tester’ with password testing and role admin.

 

In this way, the tempauth configuration lists the users' credentials. A user who is not in this list will not be authenticated.

How to use tempauth:

Fig. 3 shows the curl command for using tempauth with API version 1.0. As you can see, tempauth has generated a temporary token for us to work with.

 


Fig3: authentication with tempauth using curl

 

If you want to access the X-Auth-Token and X-Storage-Token in shell variables to work with, use the following commands:

 

export STORAGE_URL=`curl -v -H X-Auth-User:admin:admin -H X-Auth-Key:admin http://localhost/auth/v1.0/ 2>&1 | tr -d '\r' | grep X-Storage-Url | awk '{print $3}'`

export TOKEN=`curl -v -H X-Auth-User:admin:admin -H X-Auth-Key:admin http://localhost/auth/v1.0/ 2>&1 | tr -d '\r' | grep X-Auth-Token | awk '{print $3}'`
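An added example (not from the original post): a single authentication request that fills both variables, matching header names case-insensitively and removing the carriage return that ends every HTTP header line. The function names, the sample response and the placeholder token value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post. Function names are hypothetical.

# header_value NAME: read raw HTTP response headers on stdin, print NAME's value.
header_value() {
    # HTTP header lines end in CRLF; drop the CR so it never lands in a variable.
    tr -d '\r' | awk -v name="$1" '
        BEGIN { name = tolower(name) }
        {
            i = index($0, ":")
            if (i == 0) next                                # status line, blank line
            if (tolower(substr($0, 1, i - 1)) != name) next # exact name, any case
            v = substr($0, i + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)    # trim optional whitespace
            print v
            exit
        }'
}

# tempauth_login AUTH_URL USER KEY: one request, exports STORAGE_URL and TOKEN.
tempauth_login() {
    headers=$(curl -s -D - -o /dev/null \
        -H "X-Auth-User: $2" -H "X-Auth-Key: $3" "$1") || return 1
    STORAGE_URL=$(printf '%s\n' "$headers" | header_value X-Storage-Url)
    TOKEN=$(printf '%s\n' "$headers" | header_value X-Auth-Token)
    # Fail instead of exporting empty values (bad credentials, wrong URL).
    [ -n "$STORAGE_URL" ] && [ -n "$TOKEN" ] || return 1
    export STORAGE_URL TOKEN
}

# Constructed sample response with CRLF line endings; the token is a placeholder.
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\nX-Storage-Url: http://localhost/v1/AUTH_admin\r\n'
    printf 'X-Auth-Token: AUTH_tkPLACEHOLDER\r\nX-Storage-Token: AUTH_tkPLACEHOLDER\r\n\r\n'
}

# Offline demonstration on the constructed sample.
sample_headers | header_value X-Auth-Token

# Against a running proxy, with the URL and credentials used in this post:
#   tempauth_login http://localhost/auth/v1.0/ admin:admin admin
```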

Further reading:

 

While learning tempauth, I found these links interesting; you may be interested in them too.

1. https://swiftstack.com/blog/2012/01/04/swift-tempauth/

2. http://www.gossamer-threads.com/lists/openstack/dev/23040

3. http://www.stephenbroeker.com/2012/03/28/openstack-swift-tempauth-module/

  1. csaket
    December 1, 2016 at 3:22 pm

    make sure to strip the carriage return from the output of curl before grepping
