On Fri, 14 Aug 2009, Adam Lewis wrote:
> Sage,
>
> > I suspect most users will be satisfied with the ability to delegate trust to
> > (root on) a client host mounting the fs, as they're accustomed to doing
> > with NFS.
>
> Don't assume that I'm satisfied with anything I'm accustomed to doing
> with NFS ;)

Ha, okay, fair enough. :)

The problem is that generally speaking, in any environment, you
fundamentally trust the kernel to say which user is which (i.e. this
request is on behalf of uid 1234). Even if you're using Kerberos or
something similar, the kernel is still responsible for talking to the KDC
to get your key. Any user, by logging into a machine and authenticating
themself, is trusting that host not to abuse their identity. There's not
much way around that...

sage
>
> Okay, back to lurking.
>
> Adam
>
>
> On Fri, Aug 14, 2009 at 2:38 PM, Sage Weil <s...@newdream.net> wrote:
> >
> > Hi Ethan!
> >
> > On Fri, 14 Aug 2009, Ethan L. Miller wrote:
> > > Andrew Leung, Stephanie Jones, and I designed a protocol to do this in
> > > 2007. You should look at the paper we wrote:
> > > <http://www.ssrc.ucsc.edu/pub/leung07-sc.html>
> >
> > This protocol deals primarily with the problem of authorizing clients to
> > access individual (sets of) objects (based on file ownership, etc.) within
> > the object store. We're initially solving the more basic problem of
> > authentication and authorization of the client to talk to the MDSs/OSDs
> > (i.e., mount the file system) in the first place. Andrew's prototype more
> > or less assumes that problem is already solved. (In particular, the
> > monitor hands out user tickets to anyone who asks.)
> >
> > The initial goal is simply to prevent a userland client instance from
> > getting complete access to the file system, and to restrict librados
> > users to individual object storage pools.
> >
> > Once that problem is solved, implementing fine grained per-file access
> > control is certainly possible, but at this stage I suspect most users will
> > be satisfied with the ability to delegate trust to (root on) a client host
> > mounting the fs, as they're accustomed to doing with NFS.
> >
> > sage
> >
> >
> > > The protocol we designed used the MDS to hand out keys, and supported
> > > group authentication as well as expiring keys with group renewals. It
> > > also supported delegation: a user could generate a public/private key
> > > pair and delegate access to only specific files to anyone with the
> > > private key that was generated. The result was a highly scalable
> > > security system with less than 5% overhead (sometimes much less) on
> > > the benchmarks we ran.
> > >
> > > The code was implemented in Ceph, and Andrew likely has it around
> > > somewhere. It probably needs to be updated to work with the current
> > > version of Ceph, and will need bulletproofing, but it's a good start.
> > >
> > > > We're currently working on an authentication module for Ceph. This
> > > > will allow us to keep the cluster secured both internally, as no bad
> > > > servers will be able to join the cluster, and externally, e.g.,
> > > > only permitted clients will be able to do certain specified
> > > > operations. This is just a rough description of what we're considering
> > > > right now, but here it is:
> > > >
> > > > The following are the basic requirements:
> > > > * Robust, scalable, keeps up with the cluster's consistency.
> > > > * Identify the different cluster modules (e.g., mon, mds and osd) and
> > > > allow only the permitted entities to participate in the cluster
> > > > * Identify the clients, and set up a mechanism to authenticate them.
> > > > Establish a session between the client and the cluster
> > > > * The created session will allow the client to communicate with the
> > > > different cluster entities
> > > > * It will be possible to sign (and possibly encrypt) all protocol
> > > > operations
> > >
> > > > I'd love to hear any comment, idea or request that you might have as
> > > > we're about to start implementing this stuff.
> > >
> > > ( Ethan L. Miller Email: e...@cs.ucsc.edu )
> > > ( Professor, Computer Science Web: http://www.cs.ucsc.edu/~elm/ )
> > > ( University of California Phone: +1 831 459-1222 )
> > > ( Santa Cruz, CA 95064 USA Fax: +1 831 459-1041 )
> > > ( PGP keyprint: 76C7 D699 1FF6 A1A4 B7A1 9629 2EBF 1273 A6ED 6A09 )
> > >
> > >
> > > ------------------------------------------------------------------------------
> > > Let Crystal Reports handle the reporting - Free Crystal Reports 2008
> > > 30-Day
> > > trial. Simplify your report design, integration and deployment - and
> > > focus on
> > > what you do best, core application coding. Discover what's new with
> > > Crystal Reports now. http://p.sf.net/sfu/bobj-july
> > > _______________________________________________
> > > Ceph-devel mailing list
> > > Ceph-devel@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/ceph-devel
> > >
> > >
> >
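
The thread above mentions a monitor handing out tickets, signing protocol operations, and restricting librados users to individual object storage pools. The following is an added illustration of how those three pieces can fit together; it is not part of the thread and not Ceph's actual protocol, and every name in it (`SERVICE_SECRET`, `mon_issue_ticket`, `client_sign_op`, `osd_check`, the ticket fields) is hypothetical.

```python
import hashlib
import hmac
import json

# Constructed secret known only to the monitor and the OSDs (assumption).
SERVICE_SECRET = b"constructed-service-secret"


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _canon(obj: dict) -> bytes:
    # Canonical encoding so both sides MAC exactly the same bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def mon_issue_ticket(entity: str, pools: list, ttl: int, now: int):
    """Monitor side: bind the entity, its permitted pools and an expiry."""
    ticket = {"entity": entity, "pools": sorted(pools), "expires": now + ttl}
    # The session key is derived from the ticket contents, so an OSD can
    # recompute it without per-client state. It is assumed to reach the
    # client over an already authenticated, confidential channel.
    session_key = _mac(SERVICE_SECRET, _canon(ticket))
    return ticket, session_key


def client_sign_op(ticket: dict, session_key: bytes, op: dict) -> dict:
    """Client side: sign one operation with the session key."""
    return {"ticket": ticket, "op": op,
            "sig": _mac(session_key, _canon(op)).hex()}


def osd_check(msg: dict, now: int) -> str:
    """OSD side: verify the signature, then the expiry and pool restriction."""
    # Any edit to the ticket (e.g. adding a pool) changes the derived key,
    # so the signature check below fails for a forged ticket.
    key = _mac(SERVICE_SECRET, _canon(msg["ticket"]))
    expected = _mac(key, _canon(msg["op"])).hex()
    if not hmac.compare_digest(expected, msg["sig"]):
        return "reject: bad signature"
    if now >= msg["ticket"]["expires"]:
        return "reject: ticket expired"
    if msg["op"]["pool"] not in msg["ticket"]["pools"]:
        return "reject: pool not permitted"
    return "ok"
```

Replay protection (a nonce or sequence number per operation) is left out here. As Sage's reply notes, none of this removes the need to trust the client host that holds the session key.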