Authentication in unified file and object access

This section describes how file authentication and object authentication are configured for the different identity management modes.

local_mode - non-unified identity between object and file

This is a non-unified ID mode. In this mode, all objects that are created continue to be owned by the swift user, a special user under whose context the object server runs on the system. Because this mode does not map objects to user IDs, object authentication can be configured with any supported authentication scheme, and file authentication can continue to be configured with any supported authentication scheme.

For supported authentication schemes, see the Authentication support matrix table in the Authentication considerations topic in IBM Spectrum Scale: Concepts, Planning, and Installation Guide.

unified_mode - unified identity between object and file

In this mode, objects and files are owned by the UID and the corresponding GID of the user who created them. This mode requires both the object protocol and the file protocol to be configured with the same authentication scheme. The supported authentication schemes for the unified mode are:

  • AD for authentication + RFC 2307 for ID mapping
  • LDAP for authentication as well as for ID mapping

Note: User-defined authentication is not supported with both the identity management modes.