From: John Wilkins Date: Mon, 25 Aug 2014 18:02:27 +0000 (-0700) Subject: doc: Added a few comments and links to other relevant docs. X-Git-Tag: v0.86~154^2~4 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=5db51d6f2ae8ee2e8ef9fda5f47b3a1978a831e6;p=ceph.git doc: Added a few comments and links to other relevant docs. Signed-off-by: John Wilkins --- diff --git a/doc/architecture.rst b/doc/architecture.rst index 69d349bcb9c4..cc1f94918bd1 100644 --- a/doc/architecture.rst +++ b/doc/architecture.rst @@ -182,6 +182,12 @@ For details on configuring monitors, see the `Monitor Config Reference`_. High Availability Authentication ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +To identify users and protect against man-in-the-middle attacks, Ceph provides +its ``cephx`` authentication system to authenticate users and daemons. + +.. note:: The ``cephx`` protocol does not address data encryption in transport + (e.g., SSL/TLS) or encryption at rest. + Cephx uses shared secret keys for authentication, meaning both the client and the monitor cluster have a copy of the client's secret key. The authentication protocol is such that both parties are able to prove to each other they have a @@ -315,6 +321,10 @@ the user accesses the Ceph client from a remote host, Ceph authentication is not applied to the connection between the user's host and the client host. +For configuration details, see `Cephx Config Guide`_. For user management +details, see `User Management`_. + + .. index:: architecture; smart daemons and scalability Smart Daemons Enable Hyperscale @@ -1586,3 +1596,5 @@ instance for high availability. .. _Cache Tiering: ../rados/operations/cache-tiering .. _Set Pool Values: ../rados/operations/pools#set-pool-values .. _Kerberos: http://en.wikipedia.org/wiki/Kerberos_(protocol) +.. _Cephx Config Guide: ../rados/configuration/auth-config-ref +.. _User Management: ../rados/operations/user-management \ No newline at end of file