On Tue, 23 Oct 2012, Joao Eduardo Luis wrote: > On 10/23/2012 09:24 PM, Yehuda Sadeh wrote: > > On Tue, Oct 23, 2012 at 1:22 PM, Yehuda Sadeh <yehuda@xxxxxxxxxxx> wrote: > >> On Tue, Oct 23, 2012 at 1:14 PM, Dan Mick <dan.mick@xxxxxxxxxxx> wrote: > >>> So, I've discovered that to make "no cephx" work, you need to explicitly set > >>> "none" for the three options (thanks to Yehuda for the tip): > >>> > >>> auth cluster required = none > >>> auth service required = none > >>> auth supported = none > >>> > >>> Since "blank" is not an error, but leads to a disagreement about > >>> authentication that's fairly hard to diagnose, should we make it an error to > >>> specify a blank entry for those items? > >>> > >> Maybe fix it so that blank entries would be equivalent to 'none'? > >> > >> Yehuda > > > > That should do it: > > > > diff --git a/src/auth/AuthMethodList.cc b/src/auth/AuthMethodList.cc > > index e23ac40..53c8d66 100644 > > --- a/src/auth/AuthMethodList.cc > > +++ b/src/auth/AuthMethodList.cc > > @@ -35,6 +35,8 @@ AuthMethodList::AuthMethodList(CephContext *cct, string str) > > lderr(cct) << "WARNING: unknown auth protocol defined: " << > > *iter << dendl; > > } > > } > > + if (auth_supported.empty()) > > + auth_supported.push_back(CEPH_AUTH_NONE); > > } > > > > bool AuthMethodList::is_supported_auth(int auth_type) > > I, for one, believe that when it comes to configuration files, leaving > blank values defaulting to something is not the best idea. I would > rather have a blank value spitting out an error, as it gives room for > someone leaving it blank assuming it will use 'none', as others may > assume it will default to 'cephx'. The situation before 66bda162e1acad34d37fa97e3a91e277df174f42 was auth cluster required = auth service required = auth supported = none Now it is auth cluster required = cephx auth service required = cephx auth supported = (auth support is the deprecated option that kicks in if 'auth * required' is blank). Perhaps just documenting the first above block as the way to disable cephx is the way to go. sage -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
