Authentication in unified file and object access
This topic describes how file authentication and object authentication are configured for the different identity management modes.
Authentication configuration in local_mode: separate identity between object and file
In this mode, objects that are created continue to be owned by the swift user, which is an
administrator under whose context the object server runs on the system. Object authentication can be
configured with any supported authentication scheme, because in this mode there is no ID mapping of
objects to user ID. File authentication can likewise continue to be configured with any supported
authentication scheme.
For supported authentication schemes, see the Authentication support matrix table in Authentication considerations.
Authentication configuration in unified_mode: shared identity between object and file
This mode allows objects and files to be owned by the UID and the corresponding GID of the user that
created them.
Important: Both the object protocol and the file protocol need to be
configured with the same authentication scheme for this mode.
The supported authentication schemes for the unified mode are:
- AD for authentication + RFC 2307 for ID mapping
- LDAP for authentication and for ID mapping
Note: User-defined authentication is not supported with both of the identity management
modes.