On Wed, Jun 13, 2012 at 4:41 PM, Greg Farnum <greg@xxxxxxxxxxx> wrote: >> You know, I'd be really happy if this could be achieved by means of >> removing cephx keys. > Unfortunately, that wouldn't really solve the problem without dramatically decreasing the rotation interval for cluster access keys which cephx shares. Alternative (entirely theoretical) security schemes might, but they're well behind what's feasible for us to work on any time soon... I wouldn't want to rely on timed rotation. Fencing triggering a rotation on demand, then again.. that I do like. -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
