Dell DX6000 Administration Manual page 27
Dx object storage administration guide version 5.0
Hide thumbs
Also See for DX6000:
- Hardware owner's manual (198 pages) ,
- Getting started with your system (124 pages) ,
- Application manual (81 pages)
Table of Contents
Advertisement
4.7.1.3. Using Override to Resolve Authorization Specification Issues
This section discusses how to resolve issues with authorization specifications that render objects
inaccessible. You can perform these tasks to reset the authorization specification for any object,
even an object for which an authorized user name and password are not known.
To resolve this issue, you must PUT to the object the user list and the authorization specification
using the admin query argument, authenticating with your cluster administrator credentials.
Important
Do not use this procedure if the current Castor-Authorization header uses owner@
or @owner syntax because the CAStor administrator realm becomes the owner
of the object and, as a result, no other realm can change the authorization specification
later.
A sample procedure follows.
1. Create the user list.
A user list (also referred to as a security realm or realm) is a collection of user credentials, each
of which includes an MD5 hash using the
You compute user list or realm from the string username:realm:password.
Important
The realm name must exactly match the name of the domain or bucket.
For example to create a user list for a domain, htdigest cluster_example_com
cluster.example.com sample.username
To create a user list for mybucket in the same domain, htdigest
cluster_example_com_mybucket cluster.example.com/mybucket
sample.username
2. HEAD the current value of the Castor-Authorization header for the object.
curl --anyauth -u "your-username:your-password" --location-trusted
"http://node-ip[/bucket-name]?admin[&domain=name]" [-D log-file-name]
You must specify domain=name in a HEAD for a domain. If the HEAD is for a bucket, the domain
name is required as the Host in the request if the domain is not the default cluster domain.
Important
If the Castor-Authorization header includes @owner or owner@, stop.
GET the user list for the object and confirm whether or not any realm has post or
change privileges to the object. (For example, if the Castor-Authorization
header includes change=@owner, any user in the object owner's realm can modify the
object.) Ask one of those users to modify the Castor-Authorization header.
If no user can modify a Castor-Authorization header that includes @owner or
owner@, you can either take ownership of the object permanently by continuing with
Copyright © 2010 Caringo, Inc.
All rights reserved
HTTP Digest
authentication algorithm.
22
Version 5.0
December 2010
Advertisement
Table of Contents
