Hi All, the docs continuously describe cephx as Kerberos-like, curious why Kereros isn't used instead.
Developing new security protocols is almost always a bad idea from a security perspective. I haven't looked deeply into cephx to see how much is novel (and likely to contain novel bugs) ans how much is reuse of well worn crypto. So this is just a first impression concern. More importantly to me I already have a Kerberos infrastructure all my users have principals all my hosts have keytabs and I would really like to reuse that for securing data access rather than managing yet another a separate set of credentials. The only reason I can see documented is "Unlike Kerberos, each monitor can authenticate users and distribute keys, so there is no single point of failure or bottleneck when using chepx." Kerberos using multiple KDCs needn't have a single point of failure, and "each monitor" probably means 3-5 systems in practice which is a typical scale for production Kerberos deployments. Now it's true with Kerberos if the admin server goes down I can't add new principals (users) or perform other administrative functions, but authentication continues and users (human and daemon) don't really care. Am I missing something? Any plans to either add Kerberos as an authentication method or provide a pluggable authentication scheme? I'm fairly excited about all things Ceph from a design and direction perspective, but this piece (IMO) is the one thing that is just painfully close but not quite right. Thanks, -Jon -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
