Authentication is achieved by obtaining a mount token and including it in the mount command. Logging into the Content Software for File system using the CLI (the weka user login command) creates an authentication token and saves it in the client (default to ~/.weka/auth-token.json, which can be changed using the--pathattribute).
The Content Software for File system assigns the token that relates to a specific organization. Only mounts that pass the path to a correct token can successfully access the filesystems of the organization.
Once the system authenticates a user, the mount command uses the default location of the authentication token. It is possible to change the token location/name and pass it as a parameter in the mount command using the auth_token_path mount option, or theWEKA_TOKEN environment variable.
mount -t wekafs backend-host-0/my_fs /mnt/weka/my_fs -o auth_token_path=<path>
This option is useful when mounting several filesystems for several users/organizations on the same host or when using Autofs.
When a token is compromised or no longer required, such as when a user leaves the organization, the Organization Admin can prevent using that token for new mounts by revoking the user access.