Configuring local authentication for object access

Object access can be configured with the Keystone server that is available in the IBM Storage Scale system. In this mode, Keystone stores the identity and assignment information locally in its database.

Important:
  • CES Swift Object protocol feature is not supported from IBM Storage Scale 5.2.0 onwards.
  • IBM Storage Scale 5.1.8 is the last release that has CES Swift Object protocol.
  • IBM Storage Scale 5.2.0 will tolerate the update of a CES node from IBM Storage Scale 5.1.8.
    • Tolerate means:
      • The CES node will be updated to 5.2.0.
      • Swift Object support will not be updated as part of the 5.2.0 update.
      • You may continue to use the version of Swift Object protocol that was provided in IBM Storage Scale 5.1.8 on the CES 5.2.0 node.
      • IBM will provide usage and known defect support for the version of Swift Object that was provided in IBM Storage Scale 5.1.8 until you migrate to a supported object solution that IBM Storage Scale provides.
  • Please contact IBM for further details and migration planning.

Local authentication is useful when you want to create and maintain a separate set of users who access only Object. These users cannot use the local authentication credentials to access file data that is hosted through the Network File System (NFS) and Server Message Block (SMB) protocols.

To allow a user to access both file and object, use an external authentication server such as Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) to manage user accounts and authentication requests.

Note: File and object authentication must be configured with individual invocations of the mmuserauth command, even if the authentication server is the same.

You must use the mmuserauth service create command with the following mandatory parameters to configure local authentication for object access:
  • --type local
  • --data-access-method object
  • --ks-admin-user keystoneAdminName

For more information, see mmuserauth command.

  1. To configure local authentication for object access, run the following command as shown in this example:
    # mmuserauth service create --data-access-method object --type local \
    --ks-dns-name cluster-ces-ip.ibm --ks-admin-user admin
    The system displays the following output:
    Object configuration with local (Database) as identity backend is completed 
    successfully.
    Object Authentication configuration completed successfully.
  2. To verify the authentication configuration, run the following command as shown in this example:
    # mmuserauth service list
    The system displays the following output:
    FILE access not configured
    PARAMETERS               VALUES
    -------------------------------------------------
    
    OBJECT access configuration : LOCAL
    PARAMETERS               VALUES
    -------------------------------------------------
    ENABLE_KS_SSL            false
    ENABLE_KS_CASIGNING      false
    KS_ADMIN_USER            admin
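
The verification in step 2 can be scripted. The following is an added example, not IBM's code and not part of the original page: it parses the mmuserauth service list layout shown above and prints a finding for each check that fails. The function names, the constructed sample (copied from the listing above) and the policy of reporting any ENABLE_KS_SSL value other than true are assumptions of this example.

```sh
#!/bin/sh
# Constructed sample: the `mmuserauth service list` output from step 2 of this page.
SAMPLE_LISTING='FILE access not configured
PARAMETERS               VALUES
-------------------------------------------------

OBJECT access configuration : LOCAL
PARAMETERS               VALUES
-------------------------------------------------
ENABLE_KS_SSL            false
ENABLE_KS_CASIGNING      false
KS_ADMIN_USER            admin'

# Emit "SECTION KEY VALUE" per setting; the backend is reported as key BACKEND
# (NONE when the section says "not configured"). Only single-word values are
# handled, which covers every value in the listing above.
parse_userauth() {
    awk '
        ($1 == "FILE" || $1 == "OBJECT") && $2 == "access" {
            section = $1
            print section, "BACKEND", ($0 ~ /not configured/ ? "NONE" : $NF)
            next
        }
        NF == 2 && section != "" && $1 != "PARAMETERS" { print section, $1, $2 }
    '
}

# usage: parse_userauth < listing | get_param SECTION KEY
get_param() {
    awk -v s="$1" -v k="$2" '$1 == s && $2 == k { print $3 }'
}

# usage: mmuserauth service list | audit_object_auth EXPECTED_ADMIN
# Returns 0 when no finding is printed, 1 otherwise.
audit_object_auth() {
    parsed=$(parse_userauth)
    backend=$(printf '%s\n' "$parsed" | get_param OBJECT BACKEND)
    admin=$(printf '%s\n' "$parsed" | get_param OBJECT KS_ADMIN_USER)
    ssl=$(printf '%s\n' "$parsed" | get_param OBJECT ENABLE_KS_SSL)
    rc=0
    [ "$backend" = "LOCAL" ] || { echo "FINDING: object backend is ${backend:-unset}, expected LOCAL"; rc=1; }
    [ "$admin" = "$1" ] || { echo "FINDING: KS_ADMIN_USER is ${admin:-unset}, expected $1"; rc=1; }
    # Assumed site policy: anything other than ENABLE_KS_SSL=true is reported.
    [ "$ssl" = "true" ] || { echo "FINDING: ENABLE_KS_SSL is ${ssl:-unset}"; rc=1; }
    return $rc
}

# Demo on the constructed sample (reports the ENABLE_KS_SSL finding).
printf '%s\n' "$SAMPLE_LISTING" | audit_object_auth admin || echo "audit: findings reported"
```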