On Wed, Aug 8, 2018 at 1:33 PM, Sage Weil <s...@newdream.net> wrote:
> There is an undocumented part of the cephx authentication framework called
> the 'auid' (auth uid) that assigns an integer identifier to cephx users
> and to rados pools and allows you to craft cephx capabilities that apply
> to those pools.  This is leftover infrastructure from an ancient time in
> which RGW buckets mapped 1:1 to rados pools (pre-argonaut!) and it was
> expected the cephx capabilities would line up with that.
>
> Although in theory parts of the auid infrastructure might work and be in
> use, it is undocumented, untested, and a messy artifact in the code.  I'd
> like to remove it.
>
> ***
>
>   If you are using auid-based cephx capabilities, now is the time to tell
>   us!  Or, if you know of any reason we should keep it around, now is
>   the time to speak up.
>
>   Otherwise we will remove it!
>
> ***

I used to be very proud of this code, but +1. I don't know of any
users who *could* be using it (much less are) and it really doesn't
make any sense in our current security architecture even if it might
function.
-Greg
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
