Hi all, This mail is just to let you know that we've prepared a draft blueprint related to adding strong(er) authn/authz to cephfs: http://wiki.ceph.com/01Planning/02Blueprints/Firefly/Strong_AuthN_and_AuthZ_for_CephFS The main goal of the idea is that we'd like to be able to use CephFS from untrusted clients: - the CephX key gives full rw access to pools (e.g. data/metadata) via rados; we cannot distribute this key to untrusted hosts. - root on untrusted clients can forge their uid/gid and rm -rf /cephfs/*. In the doc we've proposed one way to add authn/authz to the ceph server side, but perhaps there is a simpler (more feasible in the short term) solution which would enable us to allow untrusted cephfs clients. Best Regards, Arne & Andreas & Andrea & Dan CERN IT -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
