Configuring local authentication for object access
Object access can be configured with the Keystone server that is available in the IBM Spectrum Scale™ system. In this mode, Keystone stores the identity and assignment information locally in its database.
The local authentication method is useful when you want to create and maintain a separate set of users only for object access. These users cannot use the local authentication credentials to access file data that is hosted through the NFS and SMB protocols. If you want to allow a user to access both file and object data, use an external authentication server such as AD or LDAP to manage user accounts and authentication requests.
Note: You cannot configure the file and object authentication methods in one go, even if the authentication server is the same.
You need to use the mmuserauth service create command with the following mandatory parameters to configure local authentication for object access:
- --type local
- --data-access-method object
- --ks-dns-name keystoneDNSName
- --ks-admin-user keystoneAdminName
- --ks-admin-pwd keystoneAdminPwd. If not provided, the system prompts for the password during command execution.
- --enable-ks-ssl, if SSL needs to be enabled.
- --enable-ks-casigning, if you want to use an external CA-signed certificate for token signing.
For more information on each parameter, see the mmuserauth service create command.
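The following shell helper is an added example, not part of the IBM documentation. It assembles the command line from the parameters listed above and deliberately leaves out --ks-admin-pwd so that the system prompts for the password, which keeps it out of shell history and process listings. The function name and the sample host and user values are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper): build the mmuserauth command line
# for local object authentication without embedding the admin password.

build_local_object_auth_cmd() {
    ks_dns_name=$1            # value for --ks-dns-name
    ks_admin_user=$2          # value for --ks-admin-user
    enable_ssl=${3:-no}       # "yes" adds --enable-ks-ssl
    enable_casigning=${4:-no} # "yes" adds --enable-ks-casigning

    # Reject empty, option-like, or unexpected characters so that a value
    # cannot be misread as another flag or break the command line.
    case $ks_dns_name in
        ''|-*|*[!A-Za-z0-9.-]*)
            echo "invalid Keystone DNS name" >&2
            return 1 ;;
    esac
    case $ks_admin_user in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "invalid Keystone admin user" >&2
            return 1 ;;
    esac

    cmd="mmuserauth service create --type local --data-access-method object"
    cmd="$cmd --ks-dns-name $ks_dns_name --ks-admin-user $ks_admin_user"

    # --ks-admin-pwd is intentionally omitted: the command then prompts
    # for the password interactively.
    if [ "$enable_ssl" = yes ]; then
        cmd="$cmd --enable-ks-ssl"
    fi
    if [ "$enable_casigning" = yes ]; then
        cmd="$cmd --enable-ks-casigning"
    fi

    printf '%s\n' "$cmd"
}

# Constructed sample values; prints the command for review, does not run it.
build_local_object_auth_cmd ks.example.com ksadmin yes no
```
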