Cyberduck Mountain Duck CLI

#5892 closed defect (duplicate)

Swauth authentication

Reported by: btorch Owned by: dkocher
Priority: normal Milestone:
Component: openstack Version: 4.0.2
Severity: normal Keywords:
Cc: Architecture: Intel
Platform: Mac OS X 10.5

Description (last modified by dkocher)

First of, thank you very much for all the hard work you have put into this awesome app. I've had many people approach me asking for help with cyberduck and openstack-swift so I decided to try it out myself. It always worked in the past with our devauth authentication system.

I've tried the following with openstack-swift 1.2.0 using swauth. When using devauth, the authentication step works fine but I believe devauth is getting deprecated on 1.3.0.

What I have noticed from the cyberduck logs and my swift logs is that, When trying to swauth, cyberduck is passing only /v1.0 and not the whole "Path" value that is used in the connection configuration (Path = /auth/v1.0) therefore the swift precondition fails.

GET /v1.0 HTTP/1.1
x-auth-user: external:marcelo
x-auth-key: XXXXXXXXX
Host: auth.swift.domain.com:8443
Connection: Keep-Alive
User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
HTTP/1.1 412 Precondition Failed
Content-Type: text/html; charset=UTF-8
Content-Length: 7
Date: Sun, 10 Apr 2011 14:02:03 GMT
Connection: keep-alive

swift logs:

Apr 10 14:02:03 swtester1 proxy-server %3A%3Affff%3A71.11.14.124 127.0.0.1 10/Apr/2011/14/02/03 GET /v1.0 HTTP/1.0 412 - Cyberduck/4.0.2%20%28Mac%20OS%20X/10.5.8%29%20%28i386%29 - - - - tx5be478af-99b4-4df9-bf15-209b07e7daf6 - 0.0004

When I change my swift system to use DevAuth, the authentication works but when trying to perform a GET on the StorageUrl that it receives back from auth, cyberduck seems to be using the same connection that it already has open on port 8443.

On my environment I see that the GET request on the account is actually going to the DevAuth service when it should be going to https://swift.domain.com . I have also noticed that it also adds the /v1.0 at the end of the StorageUrl but on the second try it removes that which means it would have probably worked if the request had been sent to 443 and not 8443.

GET /v1.0 HTTP/1.1
x-auth-user: external:marcelo
x-auth-key: XXXXXX
Host: auth.swift.domain.com:8443
Connection: Keep-Alive
User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
HTTP/1.1 204 No Content
X-Storage-Url: https://swift.domain.com/v1/AUTH_50a8dbc55fb14808a3770b2e19599997
X-Storage-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
X-Auth-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
Content-Length: 0
Date: Sun, 10 Apr 2011 14:22:01 GMT
Connection: keep-alive

GET /v1/AUTH_50a8dbc55fb14808a3770b2e19599997/v1.0?format=xml&prefix=auth%2F&delimiter=%2F HTTP/1.1
X-Auth-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
Host: swift.domain.com
Connection: Keep-Alive
User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
HTTP/1.0 503 Service Unavailable
Content-Type: text/html
Content-Length: 53
Expires: now
Pragma: no-cache
Cache-control: no-cache,no-store

GET /v1/AUTH_50a8dbc55fb14808a3770b2e19599997?format=xml HTTP/1.1
X-Auth-Token: AUTH_tk23d87b5332554a8792b5c3940ea8b7e3
Host: swift.domain.com
Connection: Keep-Alive
User-Agent: Cyberduck/4.0.2 (Mac OS X/10.5.8) (i386)
HTTP/1.0 503 Service Unavailable
Content-Type: text/html
Content-Length: 53
Expires: now
Pragma: no-cache
Cache-control: no-cache,no-store
Apr 10 15:03:05 swtester1 pound: 12.11.13.24 GET /v1.0 HTTP/1.1 - HTTP/1.1 204 No Content

Apr 10 15:03:05 swtester1 pound: (7fa851125700) e503 no service "GET /v1/AUTH_50a8dbc55fb14808a3770b2e19599997/v1.0?format=xml&prefix=auth%2F&delimiter=%2F HTTP/1.1" from 12.11.13.24

Apr 10 15:04:07 swtester1 pound: (7fa851125700) e503 no service "GET /v1/AUTH_50a8dbc55fb14808a3770b2e19599997/v1.0?format=xml&prefix=auth%2F&delimiter=%2F HTTP/1.1" from 12.11.13.24

Apr 10 15:04:08 swtester1 pound: (7fa851125700) e503 no service "GET /v1/AUTH_50a8dbc55fb14808a3770b2e19599997?format=xml HTTP/1.1" from 12.11.13.24

In order to make sure that the request was indeed going to the auth system on port 8443, I had pound listen on 8443 and nginx listen on 443. Just to be double sure. The requests work fine when using curl to authenticate and retrieve account data/information.

Change History (3)

comment:1 Changed on Apr 10, 2011 at 9:14:49 PM by dkocher

  • Description modified (diff)

comment:2 Changed on Apr 10, 2011 at 9:26:43 PM by dkocher

  • Summary changed from cyberduck with openstack-swift to Swauth authentication

Duplicate of #5735. Not that the optional setting for the Path in the bookmark settings refers to a path in the directory layout of the storage account and is not used for the authentication URL. Refer to the wiki to change the context path for the authentication.

comment:3 Changed on Apr 10, 2011 at 9:26:53 PM by dkocher

  • Resolution set to duplicate
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.