Hi, ----- Original Message ----- > From: "Sage Weil" <sweil@xxxxxxxxxx> > To: ceph-devel@xxxxxxxxxxxxxxx > Sent: Thursday, May 5, 2016 8:57:16 AM > Subject: on-the-wire encryption, addrs, and cephx > > Hi all, > > We had a call last night (Marcus, Haomai, Yehuda, our GSoC student Zhao, > and me) to discuss on-the-wire encryption. <snip> > > (We talked about whether just jumping into a Kerberos world wholesale > makes sense or would help here, and decided that although we could do what > cephx does with kerberos, doing so doesn't change any of the protocol > pieces--and in fact krb5 would effectivel slot in as an alternative, > pluggable auth mode next to cephx. As we go through this process we > should verify that a native kerberos approach fits in properly.) <snip> > > Comments, questions welcome! Seems like this is a great start. I'm used to systems that emphasize Kerberos, and I'm glad we're revisiting where it covers or misses our requirements. Matt > > sage > -- -- Matt Benjamin Red Hat, Inc. 315 West Huron Street, Suite 140A Ann Arbor, Michigan 48103 http://www.redhat.com/en/technologies/storage tel. 734-707-0660 fax. 734-769-8938 cel. 734-216-5309 -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html