ceph: add support for auth_x authentication protocol The auth_x protocol implements support for a kerberos-like mutual authentication infrastructure used by Ceph. We do not simply use vanilla kerberos because of scalability and performance issues when dealing with a large cluster of nodes providing a single logical service. Auth_x provides mutual authentication of client and server and protects against replay and man in the middle attacks. It does not encrypt the full session over the wire, however, so data payload may still be snooped. Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net> Signed-off-by: Sage Weil <sage@newdream.net>

commit: ec0994e48ea2aebf62ff08376227f3a9ccf46262 [log] [tgz]
author: Sage Weil <sage@newdream.net> Tue Feb 02 16:25:35 2010 -0800
committer: Sage Weil <sage@newdream.net> Thu Feb 11 11:48:45 2010 -0800
tree: fdfd595b36619507d25a6b06e14b86db0ee3849a
parent: 07c8739c521cb029d0f3549556aae2d304513978 [diff] [blame]
diff --git a/fs/ceph/auth.c b/fs/ceph/auth.c
index b34ce0e..abb204f 100644
--- a/fs/ceph/auth.c
+++ b/fs/ceph/auth.c

@@ -5,6 +5,7 @@
 
 #include "types.h"
 #include "auth_none.h"
+#include "auth_x.h"
 #include "decode.h"
 #include "super.h"
 
@@ -14,7 +15,8 @@
  * get protocol handler
  */
 static u32 supported_protocols[] = {
-	CEPH_AUTH_NONE
+	CEPH_AUTH_NONE,
+	CEPH_AUTH_CEPHX
 };
 
 int ceph_auth_init_protocol(struct ceph_auth_client *ac, int protocol)
@@ -22,6 +24,8 @@
 	switch (protocol) {
 	case CEPH_AUTH_NONE:
 		return ceph_auth_none_init(ac);
+	case CEPH_AUTH_CEPHX:
+		return ceph_x_init(ac);
 	default:
 		return -ENOENT;
 	}
commit	ec0994e48ea2aebf62ff08376227f3a9ccf46262	[log] [tgz]
author	Sage Weil <sage@newdream.net>	Tue Feb 02 16:25:35 2010 -0800
committer	Sage Weil <sage@newdream.net>	Thu Feb 11 11:48:45 2010 -0800
tree	fdfd595b36619507d25a6b06e14b86db0ee3849a
parent	07c8739c521cb029d0f3549556aae2d304513978 [diff] [blame]