Re: Interested in ceph OSD encryption and key management

2015-06-16 Thread Andrew Bartlett
what was > described in that blueprint. > > On Thu, 28 May 2015, Andrew Bartlett wrote: > > David Disseldorp was good enough to point me at this proposal for ceph > > OSD key management: > > https://wiki.ceph.com/Planning/Blueprints/Infernalis/osd%3A_simple_ceph-mon_dm

Re: kerberos / AD requirements, blueprint

2014-10-21 Thread Andrew Bartlett
in a posix group, just to have some ceph permissions. So we just need to specify a group or a group SID in a config file, and say that these folks have certain rights, we don't need to do anything related to POSIX. Samba can extract the SIDs from the PAC, which helps a lot, particularly with p

Interested in ceph OSD encryption and key management

2015-05-27 Thread Andrew Bartlett
e nodes as they are built, just as the other dmcrypt options are. I would like to see three things hookable: - the command to obtain the key (on stdout) - to encrypt the key (so we can additionally pass it via gpg, a HSM or remote encrypt/decrypt service) - to decrypt the key Thanks,

Re: Interested in ceph OSD encryption and key management

2015-06-02 Thread Andrew Bartlett
calls a 'wrapper key' is really a key access key, it doesn't even encrypt it. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba -- To

Re: Interested in ceph OSD encryption and key management

2015-06-02 Thread Andrew Bartlett
what was > described in that blueprint. > > On Thu, 28 May 2015, Andrew Bartlett wrote: > > David Disseldorp was good enough to point me at this proposal for ceph > > OSD key management: > > https://wiki.ceph.com/Planning/Blueprints/Infernalis/osd%3A_simple_ceph-mon_dm

Re: Improving Data-At-Rest encryption in Ceph

2015-12-15 Thread Andrew Bartlett
nk that's a lot > more secure (and will *stay* that way since encryption is all that > project does), and adding TLS or similar to the messenger code would > give us on-the-wire protection from the clients to the disk. > -Greg The good reason to use dm-crypt is that novel cryptogr