Re: removing auids and auid-based cephx capabilities


 



On Wed, Aug 8, 2018 at 1:33 PM, Sage Weil <sage@xxxxxxxxxxxx> wrote:
> There is an undocumented part of the cephx authentication framework called
> the 'auid' (auth uid) that assigns an integer identifier to cephx users
> and to rados pools and allows you to craft cephx capabilities that apply
> to those pools.  This is leftover infrastructure from an ancient time in
> which RGW buckets mapped 1:1 to rados pools (pre-argonaut!) and it was
> expected the cephx capabilities would line up with that.
>
> Although in theory parts of the auid infrastructure might work and be in
> use, it is undocumented, untested, and a messy artifact in the code.  I'd
> like to remove it.
>
> ***
>
>   If you are using auid-based cephx capabilities, now is the time to tell
>   us!  Or, if you know of any reason we should keep it around, now is
>   the time to speak up.
>
>   Otherwise we will remove it!
>
> ***

I used to be very proud of this code, but +1. I don't know of any
users who *could* be using it (much less are) and it really doesn't
make any sense in our current security architecture even if it might
function.
-Greg
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com


