s3api authentication doesn't work for users with the same account

Bug #703444 reported by FUJITA Tomonori
This bug affects 1 person
Affects: OpenStack Object Storage (swift)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

Sorry, seems that I messed up with the authentication scheme.

We use cfaccount as AWSAccessKeyId (something like
AUTH_89308df71f274e33af17779606f08fa0). However, users with the same
account use the same cfaccount. In such a case, we can't know which
password should be used as a secret key to calculate the HMAC.

FUJITA Tomonori (fujita-tomonori-deactivatedaccount) wrote :

I've uploaded a fix to change AWSAccessKeyId to the combination of account and user:

Authorization: AWS test/tester:xQE0diMbLRepdf3YB+FIEXAMPLE=

The auth validates the HMAC and sends a cfaccount back to the
proxy. The proxy rewrites the path with the cfaccount.

Any thoughts?

Chuck Thier (cthier) wrote : Re: [Bug 703444] Re: s3api authentication doesn't work for users with the same account

I haven't looked at the branch yet, but it sounds like a good idea. Would
it be possible to use test:tester instead of test/tester? This would keep
it consistent with how it is used everywhere else.

--
Chuck

On Sat, Jan 15, 2011 at 7:50 PM, FUJITA Tomonori
<email address hidden> wrote:

> I've uploaded a fix to change AWSAccessKeyId to the combination of
> account and user:
>
> Authorization: AWS test/tester:xQE0diMbLRepdf3YB+FIEXAMPLE=
>
> The auth validates the HMAC and sends a cfaccount back to the
> proxy. The proxy rewrites the path with the cfaccount.
>
> Any thoughts?

FUJITA Tomonori (fujita-tomonori-deactivatedaccount) wrote :

test:tester works for boto at least. If you prefer ':', I'll update the devauth and swauth branches.

I use '/' because ':' is used as the separator between AWSAccessKeyId and HMAC in the Authorization header.

FUJITA Tomonori (fujita-tomonori-deactivatedaccount) wrote :

I've uploaded a new branch to use 'test:tester' format:

https://code.launchpad.net/~fujita-tomonori/swift/devauth-fix-id-2
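The following is an added sketch, not part of the thread and not code from the linked Swift branches. It shows how an auth service can handle the 'account:user' AWSAccessKeyId discussed above: split the header on the last ':' (Base64 signatures never contain one), pick the secret per user, verify the HMAC, and return the shared cfaccount. The user table, passwords and function names are constructed for illustration, and HMAC-SHA1 over a caller-supplied string-to-sign is assumed as in S3 signature version 2.

```python
import base64
import hashlib
import hmac

# Constructed credential store: (account, user) -> (secret key, cfaccount).
# Two users share one account and therefore one cfaccount.
USERS = {
    ("test", "tester"): ("testing", "AUTH_89308df71f274e33af17779606f08fa0"),
    ("test", "tester2"): ("testing2", "AUTH_89308df71f274e33af17779606f08fa0"),
}


def sign(secret, string_to_sign):
    """Base64(HMAC-SHA1(secret, string_to_sign)), assumed S3 v2 style."""
    digest = hmac.new(secret.encode(), string_to_sign.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def parse_authorization(header):
    """Split 'AWS account:user:signature' into (account, user, signature)."""
    scheme, _, credentials = header.partition(" ")
    if scheme != "AWS":
        raise ValueError("not an AWS Authorization header")
    # Base64 never contains ':', so the last ':' always precedes the signature.
    access_key, sep, signature = credentials.strip().rpartition(":")
    account, sep2, user = access_key.partition(":")
    if not (sep and sep2 and account and user and signature):
        raise ValueError("expected account:user:signature")
    return account, user, signature


def authenticate(header, string_to_sign):
    """Return the cfaccount for a correctly signed request, or None."""
    try:
        account, user, signature = parse_authorization(header)
    except ValueError:
        return None
    entry = USERS.get((account, user))
    if entry is None:
        return None
    secret, cfaccount = entry
    expected = sign(secret, string_to_sign)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return None
    return cfaccount
```

A header that carries only a cfaccount as the access key is rejected by `parse_authorization`, because it gives no way to choose between the two users' secrets.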

Chuck Thier (cthier) wrote :

Sounds great, would you like to make it a merge proposal?

--
chuck

On Mon, Jan 17, 2011 at 1:09 AM, FUJITA Tomonori
<email address hidden> wrote:

> I've uploaded a new branch to use 'test:tester' format:
>
> https://code.launchpad.net/~fujita-tomonori/swift/devauth-fix-id-2
>
> ** Branch linked: lp:~fujita-tomonori/swift/devauth-fix-id-2

Changed in swift:
status: New → Fix Committed

Chuck Thier (cthier)
Changed in swift:
milestone: none → 1.2.0

Chuck Thier (cthier)
Changed in swift:
status: Fix Committed → Fix Released