Dell DX6004S DX Object Storage Application Guide - Page 54
Updating the Realm on a Bucket, 8. Administrative Override and Security
View all Dell DX6004S manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 54 highlights
htdigest is maintained by Apache. Consult the Apache wiki or bug report page for up-to-date information about it. Dell testing and experience recommends you observe the following guidelines when using htdigest: • On Windows, avoid creating a password file with a reserved extension, such as .com. • If either the password file name or your realm name includes spaces, enclose the name in double quotes. 12.7. Updating the Realm on a Bucket After you create the realm, you must update it on the cluster to add the headers CastorAuthorization and Castor-Stream-Type: admin. The Castor-Authorization header restricts access to the realm. For more information about authorization headers, see Section 12.3, "About Authorization Header Syntax". The examples in this chapter use curl. You should adapt these examples for the client application you are using. To update the realm using curl, use the following syntax: curl -X APPEND -H "Castor-Authorization: authorization-specification[, authorization-specification][...]" -H "Castor-Stream-Type: admin" --databinary @realm --anyauth -u "authorized-user-name:password" --locationtrusted http://cluster-node-ip/bucket-name --post301 [-D log-file-name] authorized-user-name:password correspond to the owner of the realm whose password file you are uploading. authorization-specification is discussed in Section 12.3, "About Authorization Header Syntax". Note • The preceding syntax uses APPEND, which is recommended because APPEND does not change the Castor-Authorization header for the object. • Castor-Stream-Type: admin is recommended for all realms. This header is expected to be implemented in an upcoming DX Storage release. More examples are shown in subsequent chapters in this guide. 12.8. Administrative Override and Security Administrative override means performing an SCSP operation that is otherwise forbidden by an Allow header or by the Castor-Authentication header. The purpose of administrative override is to prevent objects from being stranded with no way of being updated. To perform administrative override, you must use the admin query argument and authenticate with cluster administrator credentials. Administrative override can be used with unnamed and named objects to perform any protected SCSP operation, even if an authorized user name and password is not known. For example, if an object requires authentication to be deleted but the authorized user name or password is not known, a cluster administrator can use administrative override to delete the object. For more information, see Section 17.2, "Administrative Override" Copyright © 2010 Caringo, Inc. All rights reserved 49 Version 5.0 December 2010