mirror of
https://github.com/ceph/ceph
synced 2025-01-06 03:01:24 +00:00
c7ee66c3e5
The modes are: - crc: crc32c checksums to protect against bit errors. No secrecy or authenticity guarantees, so a MITM could alter traffic in flight. - secure: cryptographic secrecy and authenticity proection (i.e, encrypted and signed). We do not include a 'signed' mode that provides authenticity without secrecy because the cryptographic protocols appear to be faster than SHA-2. New settings: - ms_cluster_mode : mode(s list) for intra-cluster connections - ms_service_mode : mode(s list) for daemons to allow - ms_client_mode : mode(s list) for clients to allow Also, - ms_mon_cluster_mode : mon <-> mon connections - ms_mon_service_mode : mon <-> daemon or client connections The msgr2 protocol is expanded slightly to negotiate a mode. Client shares it's allowed/preferred modes, and server picks one as auth finishes. Negotiation is independent of the authentication, except that the authentiction mode may precluse certain choices. Specifically, AUTH_NONE does not support 'secure', only 'crc'. Signed-off-by: Sage Weil <sage@redhat.com> |
||
|---|---|---|
| .. | ||
| _ext | ||
| _static/js | ||
| _templates | ||
| _themes/ceph | ||
| api | ||
| ceph-volume | ||
| cephfs | ||
| changelog | ||
| dev | ||
| images | ||
| install | ||
| man | ||
| mgr | ||
| mon | ||
| rados | ||
| radosgw | ||
| rbd | ||
| releases | ||
| scripts | ||
| start | ||
| .gitignore | ||
| architecture.rst | ||
| CMakeLists.txt | ||
| conf.py | ||
| favicon.ico | ||
| glossary.rst | ||
| governance.rst | ||
| index.rst | ||
| logo.png | ||
| man_index.rst | ||
| README.md | ||
