No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor 9000 V300R006C00 Object Storage Service (Compatible with OpenStack Swift APIs) Administrator Guide 07

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Keystone Server Authentication

Keystone Server Authentication

Users of the object storage service are authenticated by the third-party Keystone server. OceanStor 9000 supports Keystone V3.0 and is compatible with V2.0.

Concepts

Keystone is an OpenStack component used to manage and authenticate users. Users of the object storage service are authenticated by the Keystone server.

Table 2-1 describes some basic concepts in Keystone. The concepts are compared to commonly seen objects to make it easier for us to understand.

Table 2-1  Basic concepts in Keystone

Concept

Description

Analogy

Tenant

A collection of resources that can be accessed.

Hotel

User

A user needs a token to access the object storage service.

Before accessing a tenant, a user must be related to the tenant and assigned with a tenant role.

Guests in the hotel

Role

Different roles have different right levels.

The people with a higher VIP level have more rights.

Token

A user can obtain a token for a tenant using its user name and password. With this token, the user can access the OceanStor 9000.

Room card

Authentication Process

Users of the object storage service are managed and authenticated by the Keystone server. Opening an account is also performed on the Keystone server. Figure 2-1 shows the process of opening an account and using this account to access the object storage service. The account is authenticated by the Keystone server during the access.

You are advised to use physical isolation and end-to-end encryption to ensure security of data transfer between OceanStor 9000 and Keystone server.
Figure 2-1  Keystone authentication process
Translation
Download
Updated: 2019-04-28

Document ID: EDOC1000122524

Views: 9156

Downloads: 86

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next