Use the following steps to configure object access with the Keystone server that is available in the IBM Spectrum Scale system with SSL enabled.
- Obtain certificates from the certificate authority (CA) and place them at the following location on the current node from where the mmuserauth service create command is being run.
/var/mmfs/tmp/ssl_cert.pem
/var/mmfs/tmp/ssl_key.pem
/var/mmfs/tmp/ssl_cacert.pem
Note:
- Self-signed certificates can be used for testing and demonstration purposes. However, the use of externally signed certificates is recommended for production environments.
- The name in the SSL certificate must match the Keystone endpoint name.
- Remove existing local authentication for object access as follows.
mmuserauth service remove --data-access-method object
- Configure local authentication with SSL for object access as follows.
mmuserauth service create --data-access-method object --type local --enable-ks-ssl
Local authentication is now configured for object access with SSL enabled.
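A pre-flight check for the certificate files placed in the first step, given here as an added example (it is not IBM code): it confirms that the three files exist, that the key belongs to the certificate, that the certificate verifies against the CA file and is unexpired, and that its name matches the Keystone endpoint name. The function name check_ks_ssl_files and the endpoint name passed to it are assumptions; the checks rely on the openssl command-line tool.

```shell
#!/bin/sh
# Added example: validate the files that
# "mmuserauth service create ... --enable-ks-ssl" reads.
# check_ks_ssl_files ENDPOINT [DIR]  -> returns 0 if every check passes.
# ENDPOINT is the Keystone endpoint name (supplied by the caller);
# DIR defaults to the location given in the steps above.
check_ks_ssl_files() {
    endpoint=$1
    dir=${2:-/var/mmfs/tmp}
    cert=$dir/ssl_cert.pem
    key=$dir/ssl_key.pem
    ca=$dir/ssl_cacert.pem
    rc=0

    # 1. All three files must exist and be non-empty.
    for f in "$cert" "$key" "$ca"; do
        [ -s "$f" ] || { echo "FAIL: missing or empty: $f" >&2; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # 2. The private key must belong to the certificate (same public key).
    #    "-passin pass:" stops openssl from prompting on an encrypted key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: ssl_key.pem does not match ssl_cert.pem" >&2; rc=1
    fi

    # 3. The certificate must verify against the supplied CA certificate.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: ssl_cert.pem does not verify against ssl_cacert.pem" >&2; rc=1; }

    # 4. The certificate must not be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: ssl_cert.pem has expired" >&2; rc=1; }

    # 5. The name in the certificate must match the Keystone endpoint name.
    openssl x509 -in "$cert" -noout -checkhost "$endpoint" 2>/dev/null |
        grep -q "does match certificate" ||
        { echo "FAIL: certificate name does not match $endpoint" >&2; rc=1; }

    return "$rc"
}
```

Source the file and call the function with the Keystone endpoint name before running the mmuserauth service create command; a non-zero return lists each failed check on standard error.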
To disable SSL and configure local authentication for object access again, use the following steps.
- Remove existing local authentication for object access as follows.
mmuserauth service remove --data-access-method object
If you are also changing authentication type, remove authentication and ID mappings by using the following commands in sequence.
mmuserauth service remove --data-access-method object
mmuserauth service remove --data-access-method object --idmapdelete
- Configure local authentication without SSL for object access as follows.
mmuserauth service create --data-access-method object --type local