Cool!Will that be merged into master and ready for 0.48 as well? cheers Xiaopong Sage Weil <sage@xxxxxxxxxxx> wrote: >The wip-auth branch has a revamp of the authentication settings. >Currently, there is a single option, 'auth supported', which is an >ordered >list of authentication methods (cephx or none) to use. This is >somewhat >limiting > >This branch replaces that with 3 new settings: > >auth cluster required -- authentication method(s) required between ceph > cluster daemons (e.g., mds to mds, mds to mon, etc.) > auth service required -- auth method(s) required by daemons of clients > auth client required -- what clients require of daemons > >This lets you do a few things: > >- Require the cluster to internally use authentication, so that nobody >can >impersonate an osd or monitor. You could still leave auth off for >clients > if you don't want to deal with distributing keys to users. >- Make the cluster require that clients authentication, but let the >clients > connect to whatever. > >For compatibility, the idea is that these are all blank by default, and >in >that case default to the deprecated 'auth supported' option that many >are >already using to enable cephx across the board. > >There's also some preliminary docs on what cephx gets you and what it >doesn't, and on how to enable authentication on a cluster without it. > >This gets us one step closer to enabling auth by default... > >sage >-- >To unsubscribe from this list: send the line "unsubscribe ceph-devel" >in >the body of a message to majordomo@xxxxxxxxxxxxxxx >More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
