On Tue, Jul 19, 2016 at 5:28 PM, Brad Hubbard <bhubbard@xxxxxxxxxx> wrote: > On Wed, Jul 20, 2016 at 6:34 AM, Gregory Farnum <gfarnum@xxxxxxxxxx> wrote: >> On Tue, Jul 19, 2016 at 12:47 PM, Matt Benjamin <mbenjamin@xxxxxxxxxx> wrote: >>> Hi Daniel, >>> >>> Sorry you haven't gotten a response. There is work ongoing in the RGW standup related to using LDAP and krb5 (via STS) authentication systems in -RGW-. Please consider coming to an RGW standup to sync up and discuss (though some details like design writeups of course come to this list). >>> >>> If your interest is in general ceph and ceph messaging, I defer to others and other discussion--e.g., Msgr2. >> >> Yeah, I don't think any work has been done on integrating Kerberos >> into the monitor for log-in and getting ceph tickets etc yet. :( >> -Greg > > I believe Daniel is referring to Msgr2 here. > > Who's the best contact for auth integration work in regards to Msgr2? There are msgr2 features designed to support this, but it's mostly the same thing. Or at least, you certainly aren't going to be checking external-server kerberos tickets every time a client connects to an OSD — if you're running a kerberos server, that client will authenticate on the monitor via kerberos, and then the monitor will give it a ceph-specific thing for connecting to other servers. :) Anyway, even if they weren't, I don't think any real work's been done beyond speccing out the protocol. -Greg -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
