On Wed, Jun 13, 2012 at 4:41 PM, Greg Farnum <[email protected]> wrote: >> You know, I'd be really happy if this could be achieved by means of >> removing cephx keys. > Unfortunately, that wouldn't really solve the problem without dramatically > decreasing the rotation interval for cluster access keys which cephx shares. > Alternative (entirely theoretical) security schemes might, but they're well > behind what's feasible for us to work on any time soon...
I wouldn't want to rely on timed rotation. Fencing triggering a rotation on demand, then again.. that I do like. -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
