From 5db51d6f2ae8ee2e8ef9fda5f47b3a1978a831e6 Mon Sep 17 00:00:00 2001 From: John Wilkins Date: Mon, 25 Aug 2014 11:02:27 -0700 Subject: [PATCH] doc: Added a few comments and links to other relevant docs. Signed-off-by: John Wilkins --- doc/architecture.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/doc/architecture.rst b/doc/architecture.rst index 69d349bcb9c..cc1f94918bd 100644 --- a/doc/architecture.rst +++ b/doc/architecture.rst @@ -182,6 +182,12 @@ For details on configuring monitors, see the `Monitor Config Reference`_. High Availability Authentication ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +To identify users and protect against man-in-the-middle attacks, Ceph provides +its ``cephx`` authentication system to authenticate users and daemons. + +.. note:: The ``cephx`` protocol does not address data encryption in transport + (e.g., SSL/TLS) or encryption at rest. + Cephx uses shared secret keys for authentication, meaning both the client and the monitor cluster have a copy of the client's secret key. The authentication protocol is such that both parties are able to prove to each other they have a @@ -315,6 +321,10 @@ the user accesses the Ceph client from a remote host, Ceph authentication is not applied to the connection between the user's host and the client host. +For configuration details, see `Cephx Config Guide`_. For user management +details, see `User Management`_. + + .. index:: architecture; smart daemons and scalability Smart Daemons Enable Hyperscale @@ -1586,3 +1596,5 @@ instance for high availability. .. _Cache Tiering: ../rados/operations/cache-tiering .. _Set Pool Values: ../rados/operations/pools#set-pool-values .. _Kerberos: http://en.wikipedia.org/wiki/Kerberos_(protocol) +.. _Cephx Config Guide: ../rados/configuration/auth-config-ref +.. _User Management: ../rados/operations/user-management \ No newline at end of file -- 2.47.3