swauth/etc/proxy-server.conf-sample

[DEFAULT]
# Standard from Swift

[pipeline:main]
# Standard from Swift, this is just an example of where to put swauth
pipeline = catch_errors healthcheck cache ratelimit swauth proxy-server

[app:proxy-server]
# Standard from Swift, main point to note is the inclusion of
# allow_account_management = true (only for the proxy servers where you want to
# be able to create/delete accounts).
use = egg:swift#proxy
allow_account_management = true

[filter:swauth]
use = egg:swauth#swauth
# You can override the default log routing for this filter here:
#   set log_name = swauth
#   set log_facility = LOG_LOCAL0
#   set log_level = INFO
#   set log_headers = False
#   set log_address = /dev/log
# The reseller prefix will verify a token begins with this prefix before even
# attempting to validate it. Also, with authorization, only Swift storage
# accounts with this prefix will be authorized by this middleware. Useful if
# multiple auth systems are in use for one Swift cluster.
#   reseller_prefix = AUTH
# If you wish to use a Swauth service on a remote cluster with this cluster:
#   swauth_remote = http://remotehost:port/auth
#   swauth_remote_timeout = 10
# When using swauth_remote, the rest of these settings have no effect.
#
# The auth prefix will cause requests beginning with this prefix to be routed
# to the auth subsystem, for granting tokens, creating accounts, users, etc.
#   auth_prefix = /auth/
# Cluster strings are of the format name#url where name is a short name for the
# Swift cluster and url is the url to the proxy server(s) for the cluster.
#   default_swift_cluster = local#http://127.0.0.1:8080/v1
# You may also use the format name#url#url where the first url is the one
# given to users to access their account (public url) and the second is the one
# used by swauth itself to create and delete accounts (private url). This is
# useful when a load balancer url should be used by users, but swauth itself is
# behind the load balancer. Example:
#   default_swift_cluster = local#https://public.com:8080/v1#http://private.com:8080/v1
# Number of seconds a newly issued token should be valid for, by default.
#   token_life = 86400
# Maximum number of seconds a newly issued token can be valid for.
#   max_token_life = <same as token_life>
# Specifies how the user key is stored. The default is 'plaintext', leaving the
# key unsecured but available for key-signing features if such are ever added.
# An alternative is 'sha512' which stores only a one-way hash of the key leaving
# it secure but unavailable for key-signing.
#   auth_type = plaintext
# Used if the auth_type is sha1 or sha512. Salt is data(text) that is used as
# an additional input to the one-way encoding function. If not set, a random
# salt will be generated for each password.
#   auth_type_salt =
# This allows middleware higher in the WSGI pipeline to override auth
# processing, useful for middleware such as tempurl and formpost. If you know
# you're not going to use such middleware and you want a bit of extra security,
# you can set this to false.
#   allow_overrides = true
# This allows swauth to PUT authentication related objects over a specific
# storage policy instead of the default one. When this is set, all requests
# sent by swauth will contain X-Storage-Policy header with its value set
# to the value specified here.
#   default_storage_policy =
# Highly recommended to change this. If you comment this out, the Swauth
# administration features will be disabled for this proxy.
super_admin_key = swauthkey

[filter:ratelimit]
# Standard from Swift
use = egg:swift#ratelimit

[filter:cache]
# Standard from Swift
use = egg:swift#memcache

[filter:healthcheck]
# Standard from Swift
use = egg:swift#healthcheck

[filter:catch_errors]
# Standard from Swift
use = egg:swift#catch_errors