Configuring local authentication for object access
Object access can be configured with the Keystone server that is available in the IBM Spectrum Scale™ system. In this mode, Keystone stores the identity and assignment information locally in its database.
The local authentication method is useful when you want to create and maintain a separate set of users for object access only. These users cannot use the local authentication credentials to access file data that is hosted through NFS and SMB protocols. To allow a user to access both file and object data, use an external authentication server such as AD or LDAP to manage user accounts and authentication requests.
Note: File and object authentication must be configured with individual invocations of the mmuserauth command, even if the authentication server is the same.
Use the mmuserauth service create command with the following mandatory parameters to configure local authentication for object access:
- --type local
- --data-access-method object
- --ks-admin-user keystoneAdminName
- --ks-admin-pwd keystoneAdminPwd. If this parameter is not provided, the system prompts for the password during command execution.
For more information on each parameter, see the mmuserauth service create command.
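The invocation described above, as an added example that is not part of the IBM documentation: a POSIX shell wrapper (the function name configure_local_object_auth is hypothetical) that leaves out --ks-admin-pwd so that the password is prompted for instead of being typed on the command line, then shows the resulting object configuration with mmuserauth service list.

```shell
#!/bin/sh
# Added example, not IBM's own code. The function name is hypothetical.
#
# configure_local_object_auth KEYSTONE_ADMIN_NAME
#
# Runs the object-only invocation of mmuserauth with the mandatory
# parameters for local authentication. --ks-admin-pwd is deliberately
# omitted: mmuserauth then prompts for the password, which keeps it out
# of shell history and out of the process list.
configure_local_object_auth() {
    ks_admin_user=$1

    if [ -z "$ks_admin_user" ]; then
        echo "usage: configure_local_object_auth KEYSTONE_ADMIN_NAME" >&2
        return 2
    fi

    # Refuse a value that would be parsed as another option, so that
    # nothing such as "--ks-admin-pwd" can slip in as the user name.
    case $ks_admin_user in
        -*)
            echo "Keystone admin name must not start with '-'" >&2
            return 2
            ;;
    esac

    # Object authentication gets its own invocation, separate from any
    # file (NFS/SMB) authentication configuration.
    mmuserauth service create \
        --type local \
        --data-access-method object \
        --ks-admin-user "$ks_admin_user" || return 1

    # Display the object authentication configuration that is now active.
    mmuserauth service list --data-access-method object
}

# Usage (on a cluster node where mmuserauth is in PATH):
#   configure_local_object_auth keystoneAdminName
```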