fmt_desc: If the Ceph version supports message signing, Ceph will sign
all messages so they are more difficult to spoof.
with_legacy: true
+- name: cephx_preferred_cipher
+ type: str
+ level: dev
+ desc: preferred cipher to use for new authentication keys
+ default: recommended
+ flags:
+ - runtime
- name: cephx_allowed_ciphers
type: str
level: advanced
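Review bot: The `desc` for `cephx_preferred_cipher` does not say which values are accepted or how the option relates to `cephx_allowed_ciphers`, which follows it, so a reader cannot tell what happens when the preferred cipher is not in the allowed set. I would add a `long_desc` stating that the value is a cipher name or the symbolic `recommended`, that it applies only to newly created keys, and whether it is required to be one of the allowed ciphers. A `see_also` entry naming `cephx_allowed_ciphers` would link the two options in the generated documentation.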
map<string,bufferlist> caps;
std::string fn;
- int key_type = CryptoManager::get_key_type("recommended");
+ int key_type = -1;
if (args.empty()) {
cerr << argv[0] << ": -h or --help for usage" << std::endl;
common_init_finish(g_ceph_context);
EntityName ename(g_conf()->name);
+ if (key_type < 0) {
+ auto cephx_preferred_cipher = g_conf().get_val<std::string>("cephx_preferred_cipher");
+ cerr << "using key type: " << cephx_preferred_cipher << std::endl;
+ key_type = CryptoManager::get_key_type(cephx_preferred_cipher);
+ }
+
// Enforce the use of gen-key or add-key when creating to avoid ending up
// with an "empty" key (key = AAAAAAAAAAAAAAAA)
if (create_keyring && !gen_key && add_key.empty() && !caps.empty()) {
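Review bot: The result of `CryptoManager::get_key_type(cephx_preferred_cipher)` in the added block is used without a check, so a misspelled or unsupported cipher name would presumably leave `key_type` at a negative value and carry it into key creation; how the helper treats unknown names is not visible in this hunk. I would fail fast right after the lookup with `if (key_type < 0) { cerr << "unknown cephx_preferred_cipher: " << cephx_preferred_cipher << std::endl; exit(1); }`. It is also worth confirming somewhere on this path that the selected type is permitted by `cephx_allowed_ciphers`, otherwise the tool can mint keys that the cluster is configured to refuse. The "using key type" message is written to stderr on every run that does not set the type explicitly, including runs that create no key, so it could move to the branch that actually generates one. The enclosing function starts and ends outside the hunk.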