40
40
# If set to 'true' any authorized user may create and delete accounts; if
41
41
# 'false' no one, even authorized, can.
42
42
# allow_account_management = false
43
# Set object_post_as_copy = false to turn on fast posts where only the metadata
44
# changes are stored anew and the original data file is kept in place. This
45
# makes for quicker posts; but since the container metadata isn't updated in
46
# this mode, features like container sync won't be able to sync posts.
47
# object_post_as_copy = true
48
# If set to 'true' authorized accounts that do not yet exist within the Swift
49
# cluster will be automatically created.
50
# account_autocreate = false
45
use = egg:swift#swauth
53
use = egg:swift#tempauth
46
54
# You can override the default log routing for this filter here:
47
# set log_name = auth-server
55
# set log_name = tempauth
48
56
# set log_facility = LOG_LOCAL0
49
57
# set log_level = INFO
50
58
# set log_headers = False
54
62
# multiple auth systems are in use for one Swift cluster.
55
63
# reseller_prefix = AUTH
56
64
# The auth prefix will cause requests beginning with this prefix to be routed
57
# to the auth subsystem, for granting tokens, creating accounts, users, etc.
65
# to the auth subsystem, for granting tokens, etc.
58
66
# auth_prefix = /auth/
59
# Cluster strings are of the format name#url where name is a short name for the
60
# Swift cluster and url is the url to the proxy server(s) for the cluster.
61
# default_swift_cluster = local#http://127.0.0.1:8080/v1
62
# You may also use the format name#url#url where the first url is the one
63
# given to users to access their account (public url) and the second is the one
64
# used by swauth itself to create and delete accounts (private url). This is
65
# useful when a load balancer url should be used by users, but swauth itself is
66
# behind the load balancer. Example:
67
# default_swift_cluster = local#https://public.com:8080/v1#http://private.com:8080/v1
68
67
# token_life = 86400
70
# Highly recommended to change this.
71
super_admin_key = swauthkey
68
# Lastly, you need to list all the accounts/users you want here. The format is:
69
# user_<account>_<user> = <key> [group] [group] [...] [storage_url]
70
# There are special groups of:
71
# .reseller_admin = can do anything to any account for this auth
72
# .admin = can do anything within the account
73
# If neither of these groups are specified, the user can only access containers
74
# that have been explicitly allowed for them by a .admin or .reseller_admin.
75
# The trailing optional storage_url allows you to specify an alternate url to
76
# hand back to the user upon authentication. If not specified, this defaults to
77
# http[s]://<ip>:<port>/v1/<reseller_prefix>_<account> where http or https
78
# depends on whether cert_file is specified in the [DEFAULT] section, <ip> and
79
# <port> are based on the [DEFAULT] section's bind_ip and bind_port (falling
80
# back to 127.0.0.1 and 8080), <reseller_prefix> is from this section, and
81
# <account> is from the user_<account>_<user> name.
82
# Here are example entries, required for running the tests:
83
user_admin_admin = admin .admin .reseller_admin
84
user_test_tester = testing .admin
85
user_test2_tester2 = testing2 .admin
86
user_test_tester3 = testing3
73
88
[filter:healthcheck]
74
89
use = egg:swift#healthcheck
added
removed
etc/proxy-server.conf-sample
