Authentication in unified file and object access

This topic describes how file authentication and object authentication are configured for the different identity management modes.

Authentication configuration in local_mode: separate identity between object and file

In this mode, objects that are created continue to be owned by the swift user, which is an administrator under whose context the object server runs on the system. Object authentication can be configured with any supported authentication scheme, because in this mode objects are not ID-mapped to a user ID. File authentication can likewise continue to be configured with any supported authentication scheme.

For supported authentication schemes, see the Authentication support matrix table in Authentication considerations.

Authentication configuration in unified_mode: shared identity between object and file

This mode allows objects and files to be owned by the UID and the corresponding GID of the user who created them.
Important: Both the object protocol and the file protocol need to be configured with the same authentication scheme for this mode.
The supported authentication schemes for the unified mode are:
  • AD for authentication + RFC 2307 for ID mapping
  • LDAP for authentication and for ID mapping
Note: User-defined authentication is not supported with either of the identity management modes.