Re: LDAP/KRB5 authentication mode

On Wed, Jul 20, 2016 at 10:54 AM, Gregory Farnum <gfarnum@xxxxxxxxxx> wrote:
> On Tue, Jul 19, 2016 at 5:51 PM, Brad Hubbard <bhubbard@xxxxxxxxxx> wrote:
>> On Tue, Jul 19, 2016 at 05:41:20PM -0700, Gregory Farnum wrote:
>>> On Tue, Jul 19, 2016 at 5:28 PM, Brad Hubbard <bhubbard@xxxxxxxxxx> wrote:
>>> > On Wed, Jul 20, 2016 at 6:34 AM, Gregory Farnum <gfarnum@xxxxxxxxxx> wrote:
>>> >> On Tue, Jul 19, 2016 at 12:47 PM, Matt Benjamin <mbenjamin@xxxxxxxxxx> wrote:
>>> >>> Hi Daniel,
>>> >>>
>>> >>> Sorry you haven't gotten a response.  There is work ongoing in the RGW standup related to using LDAP and krb5 (via STS) authentication systems in -RGW-.  Please consider coming to an RGW standup to sync up and discuss (though some details like design writeups of course come to this list).
>>> >>>
>>> >>> If your interest is in general ceph and ceph messaging, I defer to others and other discussion--e.g., Msgr2.
>>> >>
>>> >> Yeah, I don't think any work has been done on integrating Kerberos
>>> >> into the monitor for log-in and getting ceph tickets etc yet. :(
>>> >> -Greg
>>> >
>>> > I believe Daniel is referring to Msgr2 here.
>>> >
>>> > Who's the best contact for auth integration work in regards to Msgr2?
>>>
>>> There are msgr2 features designed to support this, but it's mostly the
>>> same thing. Or at least, you certainly aren't going to be checking
>>> external-server kerberos tickets every time a client connects to an
>>> OSD — if you're running a kerberos server, that client will
>>> authenticate on the monitor via kerberos, and then the monitor will
>>> give it a ceph-specific thing for connecting to other servers. :)
>>>
>>> Anyway, even if they weren't, I don't think any real work's been done
>>> beyond speccing out the protocol.
>>
>> Perhaps a little background is in order here.
>>
>> Recently Daniel approached Kefu and myself on IRC having just completed a
>> project and looking for his next task. Since he had history working in the
>> Identity Management space we suggested that leveraging his existing talents in
>> that area may be a good idea and suggested he send an email to the list
>> sounding out the best people to talk to in regard to that area.
>>
>> If we have no projects currently that relate to IDM with work under way then I
>> guess Daniel will need to look in another area?
>
> Unless he wants to drive the monitor integration? It's not really my
> charge, but obviously we have discussed it several times so there's
> some guidance available. (Sage and Matt, probably.)
>
> Otherwise, yeah, better find a project that has actual development and
> not just design work going on so far. :)

Thanks for the insight Greg.

> -Greg



-- 
Cheers,
Brad