Almost in every OpenStack Swift documentation is mentioned that TempAuth is a solution just for test non-prod environment (however it's fully functional).
The key reason to don't use this approach in prod that user-creds are stored in plain configuration file that decrease overall security for Object storage.
On the other hand if App is using Object Storage internally (so it's only stores files in the internal infrastructure) and authentication and authorization is provided by App itself it seems such approach might be suitable for production usage.
Could you please share any other drawbacks of TempAuth usage on prod environment taking into account that object storage is internal (or add additional arguments that it's ok :) )?
OpenStack Swift TempAuth authentication prod usage
319 Views Asked by user1459144 At
1
There are 1 best solutions below
Related Questions in OPENSTACK
- Failed to launch instance
- Instance creation in devstack icehouse
- Openstack token, I can get token with curl but can't with urllib
- where to edit physical_interface_mappings for openstack neutron network
- Creating a Virtual Machine on Bluemix, is giving an error while importing ssh key
- Using Chef with OpenStack, what would encourage me to use Heat templates?
- openstack - stack.sh fails on syntax errors
- Keystone connection fail
- What is meaning of gettext('Some Text') in Openstack
- Openstack Heat & Ansible. VM spinup and App deployment
- Launch an instance from a non-glance image in OpenStack
- what's the default timeout of func
- Network Block Device - Receive control failed (result -32) - Kernel 3.16.0-41
- Bluemix: Cannot create VM with public IP
- Openstack: Participating in localization
Related Questions in OPENSTACK-SWIFT
- How to set the read ACL on container in open stack swift such that allow Read for all users and deny for one user
- Accessing files stored in Swift object from inside a OpenStack VM instance
- Authentication SAIO (swift all in one) using libCurl API in C++
- What is configuartion required to get data from object storage by SWIFT in Spark
- Improve download/delete speed of large chunked files in Openstack Swift
- Exception when parsing Json response from Swift api
- Is there a relation between available RAM and Ring size in OpenStack SWIFT?
- issues working with python generators and openstack swift client
- Auth GET failed: 500 Internal Server Error
- Expiring Swift objects with jclouds
- What's the best method to let the users access the file in Openstack Swift?
- swift stack install fails due to ssl certificate mismatch
- How do you copy file across account with SwiftService
- Swift (OpenStack Storage) Installation
- Ceilometer launch error with ceilometer-collector
Related Questions in OPENSTACK-KEYSTONE
- set MFA options for user using keystoneclient module
- Keystone service in OpenStack consumes a lot of CPU
- XDG_SESSION_TYPE error on devstack installation
- ERROR when trying to Create projects in openstack (Missing value auth-url required for auth plugin password )
- How do I enable logging of successful authorizations in keystone?
- /etc/keystone/fernet-keys/ does not contain keys, use keystone-manage fernet_setup to create Fernet keys
- Configure the administrative account
- openstack : Deleted a project/tenant my mistake. How to restore it without rolling back the controller DB backup
- Manual Openstack Install: WARNING: ... No Policy rules for service 'identity'
- Authenticate against keystone API using Application Credential
- OpenStack Swift TempAuth authentication prod usage
- Can external API endpoints be registered in Openstack Keystone service catalogue/registry?
- Do we have send email feature in Open Stack?
- Confused by tenant, project, user, account in openstack and swift
- I'm curious about Openstack Token, which is about the starting point of issuing Scoped between Horizon, Keystone, and Nova
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
I think the problem with tempauth is that,it is built in module in the Swift, and cant be used as an external authentication module in distributed swift storage systems. but keystone can.