aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ceph/auth.c
diff options
context:
space:
mode:
authorSage Weil <sage@newdream.net>2010-02-02 19:25:35 -0500
committerSage Weil <sage@newdream.net>2010-02-11 14:48:45 -0500
commitec0994e48ea2aebf62ff08376227f3a9ccf46262 (patch)
treefdfd595b36619507d25a6b06e14b86db0ee3849a /fs/ceph/auth.c
parent07c8739c521cb029d0f3549556aae2d304513978 (diff)
ceph: add support for auth_x authentication protocol
The auth_x protocol implements support for a kerberos-like mutual authentication infrastructure used by Ceph. We do not simply use vanilla kerberos because of scalability and performance issues when dealing with a large cluster of nodes providing a single logical service. Auth_x provides mutual authentication of client and server and protects against replay and man in the middle attacks. It does not encrypt the full session over the wire, however, so data payload may still be snooped. Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net> Signed-off-by: Sage Weil <sage@newdream.net>
Diffstat (limited to 'fs/ceph/auth.c')
-rw-r--r--fs/ceph/auth.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/fs/ceph/auth.c b/fs/ceph/auth.c
index b34ce0e41b4c..abb204fea6c7 100644
--- a/fs/ceph/auth.c
+++ b/fs/ceph/auth.c
@@ -5,6 +5,7 @@
5 5
6#include "types.h" 6#include "types.h"
7#include "auth_none.h" 7#include "auth_none.h"
8#include "auth_x.h"
8#include "decode.h" 9#include "decode.h"
9#include "super.h" 10#include "super.h"
10 11
@@ -14,7 +15,8 @@
14 * get protocol handler 15 * get protocol handler
15 */ 16 */
16static u32 supported_protocols[] = { 17static u32 supported_protocols[] = {
17 CEPH_AUTH_NONE 18 CEPH_AUTH_NONE,
19 CEPH_AUTH_CEPHX
18}; 20};
19 21
20int ceph_auth_init_protocol(struct ceph_auth_client *ac, int protocol) 22int ceph_auth_init_protocol(struct ceph_auth_client *ac, int protocol)
@@ -22,6 +24,8 @@ int ceph_auth_init_protocol(struct ceph_auth_client *ac, int protocol)
22 switch (protocol) { 24 switch (protocol) {
23 case CEPH_AUTH_NONE: 25 case CEPH_AUTH_NONE:
24 return ceph_auth_none_init(ac); 26 return ceph_auth_none_init(ac);
27 case CEPH_AUTH_CEPHX:
28 return ceph_x_init(ac);
25 default: 29 default:
26 return -ENOENT; 30 return -ENOENT;
27 } 31 }