Revision history [back]

click to hide/show revision 1
initial version

Hi everybody, thank you so much for your suggestion, it helps me a lot so here is what done

i installed swift-1.4.2 and swauth.1.0.2, and i modified the porxy-server.conf here is the result :

+++++++++++++++++++/etc/swift/proxy-serve.conf+++++++++++++++++++++++++++++++++

[DEFAULT] bind_port = 443

bind_ip = 192.168.3.20

user = root log_facility = LOG_LOCAL1 cert_file = /etc/swift/cert.crt key_file = /etc/swift/cert.key

[pipeline:main] pipeline = healthcheck cache tempauth proxy-server

[app:proxy-server] use = egg:swift#proxy allow_account_management = true

[filter:tempauth] use = egg:swift#tempauth user_admin_admin = admin .admin .reseller_admin user_test_tester = testing .admin https://192.168.3.20:443/v1/AUTH_test user_test2_tester2 = testing2 .admin user_test3_tester3 = testing3 .admin

[filter:swauth] use = egg:swift#swauth default_swift_cluster = local#https://192.168.3.20:443/v1#https://127.0.0.1:443/v1 user_admin_admin = admin .admin .reseller_admin user_test_tester = testing .admin https://192.168.3.20:443/v1/AUTH_test user_test2_tester2 = testing2 .admin user_test7_tester7 = testing7. admin user_test3_tester3 = testing3 .admin

[filter:healthcheck] use = egg:swift#healthcheck

[filter:cache] use = egg:swift#memcache memcache_servers = 192.168.3.20:11211 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ but i can't create another user: so i used test:tester testing and test2:tester2 testing2 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ oot@dtv-110702:/etc/swift# curl -k -v -H 'X-Storage-User: test2:tester2' -H 'X-Storage-Pass: testing2' https://192.168.3.20/auth/v1.0 * About to connect() to 192.168.3.20 port 443 (#0) * Trying 192.168.3.20... connected * Connected to 192.168.3.20 (192.168.3.20) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using AES256-SHA * Server certificate: * subject: C=af; ST=maarif; L=casablanca; O=netfective; OU=ne; CN=r00t; emailAddress=moubarik.siham@yahoo.fr * start date: 2011-09-14 09:49:39 GMT * expire date: 2011-10-14 09:49:39 GMT * common name: r00t (does not match '192.168.3.20') * issuer: C=af; ST=maarif; L=casablanca; O=netfective; OU=ne; CN=r00t; emailAddress=moubarik.siham@yahoo.fr * SSL certificate verify result: self signed certificate (18), continuing anyway.

GET /auth/v1.0 HTTP/1.1 User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18 Host: 192.168.3.20 Accept: / X-Storage-User: test2:tester2 X-Storage-Pass: testing2

< HTTP/1.1 200 OK < X-Storage-Url: https://127.0.0.1:443/v1/AUTH_test2 < X-Storage-Token: AUTH_tkafc1df9ed9494caeb013500aadbdecf7 < X-Auth-Token: AUTH_tkafc1df9ed9494caeb013500aadbdecf7 < Content-Length: 0 < Date: Thu, 15 Sep 2011 10:36:17 GMT < * Connection #0 to host 192.168.3.20 left intact * Closing connection #0 * SSLv3, TLS alert, Client hello (1): ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ root@dtv-110702:/etc/swift# curl -v -H 'X-Auth-Token: AUTH_tkafc1df9ed9494caeb013500aadbdecf7' https://192.168.3.20:443/v1/AUTH_test2 * About to connect() to 192.168.3.20 port 443 (#0) * Trying 192.168.3.20... connected * Connected to 192.168.3.20 (192.168.3.20) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS alert, Server hello (2): * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Closing connection #0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ root@dtv-110702:/etc/swift# swift -A https://192.168.3.20:443/auth/v1.0 -U test2:tester2 -K testing2 stat Account: AUTH_test2 Containers: 4 Objects: 4 Bytes: 1163576 Accept-Ranges: bytes root@dtv-110702:/etc/swift# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ but when I go to this link through the browser it gives the following result

https://192.168.3.20:443/auth/v1.0 401 Unauthorized This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.