Feature #5506
rgw: use Keystone to authenticate S3 requests
Status:
Resolved
Priority:
Normal
Assignee:
-
Target version:
-
% Done:
0%
Source:
other
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:
Description
The idea is that there should be an alternative way to authenticate S3 requests. Currently we handle the S3 authentication by verifying signature against the one we calculate by having the user credentials internally. However, certain deployments might just want to have the S3 users controlled by Keystone, and not create their credentials on the rados backend. We do a similar thing with swift, in which we send a request to Keystone to verify the tokens that we get. With S3 it's a bit different, as there's no real way to cache the 'tokens'. But in any case, it'll require sending a request to Keystone to validate the signature.
History
#1 Updated by Yehuda Sadeh over 10 years ago
- Status changed from New to Fix Under Review
#2 Updated by Yehuda Sadeh about 10 years ago
- Status changed from Fix Under Review to Resolved
Done by Roald van Loon, commit:a200e184b15a03a4ca382e94caf01efb41cb9db7