Re: auth settings

On Thu, 14 Jun 2012, Xiaopong Tran wrote:
> Cool.  Will that be merged into master and ready for 0.48 as well?
> 
> cheers
> 
> Xiaopong

Unfortunately this will not make it into 0.48.  It needs more careful 
testing to make sure we are handling the range of cases correctly, and 
there isn't enough time for that.

We do encourage you to enable auth with 'auth supported = cephx' in your 
configs, though; this will make the upgrade when auth is eventually 
enabled by default painless.

sage

> 
> 
> Sage Weil <sage@xxxxxxxxxxx> wrote:
> 
> >The wip-auth branch has a revamp of the authentication settings.
> >Currently, there is a single option, 'auth supported', which is an
> >ordered list of authentication methods (cephx or none) to use.  This is
> >somewhat limiting.
> >
> >This branch replaces that with 3 new settings:
> >
> >auth cluster required -- authentication method(s) required between ceph
> >    cluster daemons (e.g., mds to mds, mds to mon, etc.)
> >auth service required -- auth method(s) required by daemons of clients
> >auth client required  -- what clients require of daemons
> >
> >This lets you do a few things:
> >
> >- Require the cluster to internally use authentication, so that nobody
> >   can impersonate an osd or monitor.  You could still leave auth off for
> >   clients if you don't want to deal with distributing keys to users.
> >- Make the cluster require that clients authenticate, but let the
> >   clients connect to whatever.
> >
> >For compatibility, the idea is that these are all blank by default, and
> >in that case default to the deprecated 'auth supported' option that many
> >are already using to enable cephx across the board.
> >
> >There's also some preliminary docs on what cephx gets you and what it 
> >doesn't, and on how to enable authentication on a cluster without it.
> >
> >This gets us one step closer to enabling auth by default...
> >
> >sage
> >--
> >To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
> >the body of a message to majordomo@xxxxxxxxxxxxxxx
> >More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
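
The fallback rule described in the quoted message (three per-path settings that, when blank, defer to the deprecated 'auth supported'), as an added sketch that is not part of the thread and is not Ceph's own code. The sample configs are constructed, the function names are hypothetical, and reading each value as a comma- or space-separated ordered method list is an assumption.

```python
import configparser

NEW_KEYS = ("auth cluster required", "auth service required",
            "auth client required")
LEGACY_KEY = "auth supported"  # deprecated single option from the thread

# Constructed sample: first scenario from the message (cephx inside the
# cluster, auth left off for clients).
MIXED = """
[global]
auth_cluster_required = cephx
auth service required = none
auth client required = none
"""
# Constructed sample: only the legacy option, as the reply recommends for now.
LEGACY = """
[global]
auth supported = cephx
"""

def _norm(name):
    # ceph.conf treats spaces and underscores in option names alike
    return " ".join(name.replace("_", " ").split()).lower()

def _methods(value):
    # Assumption: methods are comma- or space-separated, order preserved
    return value.replace(",", " ").split()

def effective_auth(conf_text, section="global"):
    """Return {setting: ordered method list} after applying the fallback."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = _norm
    cp.read_string(conf_text)
    opts = dict(cp[section]) if cp.has_section(section) else {}
    legacy = _methods(opts.get(LEGACY_KEY, ""))
    # Blank new-style setting -> defer to the deprecated 'auth supported'
    return {k: _methods(opts.get(k, "")) or legacy for k in NEW_KEYS}

def findings(effective):
    """Flag paths where no method is set or 'none' is accepted."""
    out = []
    for key, methods in effective.items():
        if not methods:
            out.append(f"{key}: nothing configured, build default applies")
        elif "none" in methods:
            out.append(f"{key}: accepts 'none' (unauthenticated peers)")
    return out

if __name__ == "__main__":
    for name, text in (("mixed", MIXED), ("legacy", LEGACY)):
        print(name, effective_auth(text), findings(effective_auth(text)))
```
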
