Copyright © 2010 Caringo, Inc.
All rights reserved 23
the next step or you can remove the Castor-Authorization header and allow
another user to modify it.
To remove the Castor-Authorization header, use PUT or POST with the admin
query argument and your credentials to upload a user realm to the object but do not
specify a Castor-Authorization header in the request.
3. PUT the updated Castor-Authorization header and user list to the object.
curl -X PUT -i --post301 -H "Castor-Authorization: authorization-
specfication" -H "Castor-Stream-Type: admin" --location-trusted
"http://node-ip[/bucket-name[?domain=domain-name]&admin" --anyauth -u
"your-username:your-password" --data-binary @user-list [-D log-file]
You must specify domain=name in a PUT for a domain. If the PUT is for a bucket, you must pass
in the domain name as the Host in the request if the domain is not the default cluster domain.
For example, suppose a bucket named testbucket in the domain cluster.example.com has
become inaccessible due to either a bad authorization specification or user list. The example that
follows shows how you can restore access by changing the Castor-Authorization header and
uploading a new user list. The example makes the following assumptions:
• cluster.example.com is the default cluster domain so it does not need to be passed in as the
Host in the request.
The object's Castor-Authorization
header does not
contain either [email protected]
• The cluster administrator uses the default user name (admin) and password
• Commands are sent to a node whose IP address is 172.16.0.35.
1. Create the user list.
htdigest -c cluster_example_com_testbucket cluster.example.com/
2. PUT the new Castor-Authorization header and user list.
curl -i -X PUT --post301 -H "Castor-Authorization:
testbucket, view=cluster.example.com" -H "Castor-Stream-Type: admin" --
location-trusted "http://172.16.0.35/testbucket?admin" --data-binary
@cluster_example_com_testbucket -u "admin:ourpwdofchoicehere" -D fix-
3. Ask a user in the user list to confirm they have access to the object by uploading a new user list
to the object or by changing the Castor-Authorization header.
4.7.2. Working With Inaccessible Objects
In the event a domain, bucket, or named object is not accessible by usual means, you can access it
directly using the cid= query argument. Examples of when this might be useful:
• The domain or bucket has been deleted.