Similar to Nova, swift can be configured to use Keystone for authentication rather than its built in 'tempauth'.
Add a service endpoint for Swift to Keystone
Configure the paste file for swift-proxy,
/etc/swift/proxy-server.conf.Reconfigure Swift's proxy server to use Keystone instead of TempAuth. Here's an example `/etc/swift/proxy-server.conf`:
[DEFAULT] bind_port = 8888 user = <user> [pipeline:main] pipeline = catch_errors healthcheck cache authtoken keystone proxy-server [app:proxy-server] use = egg:swift#proxy account_autocreate = true [filter:keystone] paste.filter_factory = keystoneclient.middleware.swift_auth:filter_factory operator_roles = admin, swiftoperator [filter:authtoken] paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory # Delaying the auth decision is required to support token-less # usage for anonymous referrers ('.r:*'). delay_auth_decision = 10 service_port = 5000 service_host = 127.0.0.1 auth_port = 35357 auth_host = 127.0.0.1 auth_token = ADMIN admin_token = ADMIN cache = swift.cache [filter:cache] use = egg:swift#memcache set log_name = cache [filter:catch_errors] use = egg:swift#catch_errors [filter:healthcheck] use = egg:swift#healthcheckRestart swift services.
Verify that the Identity service, Keystone, is providing authentication to Object Storage (Swift).
$ swift -V 2 -A http://localhost:5000/v2.0 -U admin:admin -K ADMIN stat
