On Tue, Jul 19, 2016 at 5:51 PM, Brad Hubbard <bhubbard@xxxxxxxxxx> wrote: > On Tue, Jul 19, 2016 at 05:41:20PM -0700, Gregory Farnum wrote: >> On Tue, Jul 19, 2016 at 5:28 PM, Brad Hubbard <bhubbard@xxxxxxxxxx> wrote: >> > On Wed, Jul 20, 2016 at 6:34 AM, Gregory Farnum <gfarnum@xxxxxxxxxx> wrote: >> >> On Tue, Jul 19, 2016 at 12:47 PM, Matt Benjamin <mbenjamin@xxxxxxxxxx> wrote: >> >>> Hi Daniel, >> >>> >> >>> Sorry you haven't gotten a response. There is work ongoing in the RGW standup related to using LDAP and krb5 (via STS) authentication systems in -RGW-. Please consider coming to an RGW standup to sync up and discuss (though some details like design writeups of course come to this list). >> >>> >> >>> If your interest is in general ceph and ceph messaging, I defer to others and other discussion--e.g., Msgr2. >> >> >> >> Yeah, I don't think any work has been done on integrating Kerberos >> >> into the monitor for log-in and getting ceph tickets etc yet. :( >> >> -Greg >> > >> > I believe Daniel is referring to Msgr2 here. >> > >> > Who's the best contact for auth integration work in regards to Msgr2? >> >> There are msgr2 features designed to support this, but it's mostly the >> same thing. Or at least, you certainly aren't going to be checking >> external-server kerberos tickets every time a client connects to an >> OSD — if you're running a kerberos server, that client will >> authenticate on the monitor via kerberos, and then the monitor will >> give it a ceph-specific thing for connecting to other servers. :) >> >> Anyway, even if they weren't, I don't think any real work's been done >> beyond speccing out the protocol. > > Perhaps a little background is in order heere. > > Recently Daniel approached Kefu and myself on IRC having just completed a > project and looking for his next task. Since he had history working in the > Identity Management space we suggested that leveraging his existing talents in > that area may be a good idea and suggested he send an email to the list > sounding out the best people to talk to in regard to that area. > > If we have no projects currently that relate to IDM with work under way then I > guess Daniel will need to look in another area? Unless he wants to drive the monitor integration? It's not really my charge, but obviously we have discussed it several times so there's some guidance available. (Sage and Matt, probably.) Otherwise, yeah, better find a project that has actual development and not just design work going on so far. :) -Greg -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
