* LDAP/KRB5 authentication mode. @ 2016-07-14 20:51 Daniel Oliveira 2016-07-19 17:38 ` Daniel Oliveira 0 siblings, 1 reply; 9+ messages in thread From: Daniel Oliveira @ 2016-07-14 20:51 UTC (permalink / raw) To: ceph-devel Hi, I've talking to Kefu/Badone about the work in question and would like to help with that. Please, who should I talk to in order to understand where we are at and then start working on it? Thanks, -Daniel ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: LDAP/KRB5 authentication mode 2016-07-14 20:51 LDAP/KRB5 authentication mode Daniel Oliveira @ 2016-07-19 17:38 ` Daniel Oliveira 2016-07-19 19:47 ` Matt Benjamin 0 siblings, 1 reply; 9+ messages in thread From: Daniel Oliveira @ 2016-07-19 17:38 UTC (permalink / raw) To: ceph-devel; +Cc: sweil Hi Team, I haven't heard anything back on this, so just wondering if we know who is working on this part of the project so we could help out?! Thanks, -Daniel On Thu, 2016-07-14 at 14:51 -0600, Daniel Oliveira wrote: > Hi, > > I've talking to Kefu/Badone about the work in question and would like > to help with that. > > Please, who should I talk to in order to understand where we are at > and then start working on it? > > Thanks, > -Daniel > ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: LDAP/KRB5 authentication mode 2016-07-19 17:38 ` Daniel Oliveira @ 2016-07-19 19:47 ` Matt Benjamin 2016-07-19 20:34 ` Gregory Farnum 0 siblings, 1 reply; 9+ messages in thread From: Matt Benjamin @ 2016-07-19 19:47 UTC (permalink / raw) To: Daniel Oliveira; +Cc: ceph-devel, sweil Hi Daniel, Sorry you haven't gotten a response. There is work ongoing in the RGW standup related to using LDAP and krb5 (via STS) authentication systems in -RGW-. Please consider coming to an RGW standup to sync up and discuss (though some details like design writeups of course come to this list). If your interest is in general ceph and ceph messaging, I defer to others and other discussion--e.g., Msgr2. Regards, Matt ----- Original Message ----- > From: "Daniel Oliveira" <doliveira@suse.com> > To: ceph-devel@vger.kernel.org > Cc: sweil@redhat.com > Sent: Tuesday, July 19, 2016 1:38:31 PM > Subject: Re: LDAP/KRB5 authentication mode > > Hi Team, > > I haven't heard anything back on this, so just wondering if we know who > is working on this part of the project so we could help out?! > > Thanks, > -Daniel > > > On Thu, 2016-07-14 at 14:51 -0600, Daniel Oliveira wrote: > > Hi, > > > > I've talking to Kefu/Badone about the work in question and would like > > to help with that. > > > > Please, who should I talk to in order to understand where we are at > > and then start working on it? > > > > Thanks, > > -Daniel > > > -- > To unsubscribe from this list: send the line "unsubscribe ceph-devel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- Matt Benjamin Red Hat, Inc. 315 West Huron Street, Suite 140A Ann Arbor, Michigan 48103 http://www.redhat.com/en/technologies/storage tel. 734-707-0660 fax. 734-769-8938 cel. 734-216-5309 ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: LDAP/KRB5 authentication mode 2016-07-19 19:47 ` Matt Benjamin @ 2016-07-19 20:34 ` Gregory Farnum 2016-07-20 0:28 ` Brad Hubbard 0 siblings, 1 reply; 9+ messages in thread From: Gregory Farnum @ 2016-07-19 20:34 UTC (permalink / raw) To: Matt Benjamin; +Cc: Daniel Oliveira, ceph-devel, Sage Weil On Tue, Jul 19, 2016 at 12:47 PM, Matt Benjamin <mbenjamin@redhat.com> wrote: > Hi Daniel, > > Sorry you haven't gotten a response. There is work ongoing in the RGW standup related to using LDAP and krb5 (via STS) authentication systems in -RGW-. Please consider coming to an RGW standup to sync up and discuss (though some details like design writeups of course come to this list). > > If your interest is in general ceph and ceph messaging, I defer to others and other discussion--e.g., Msgr2. Yeah, I don't think any work has been done on integrating Kerberos into the monitor for log-in and getting ceph tickets etc yet. :( -Greg > > Regards, > > Matt > > ----- Original Message ----- >> From: "Daniel Oliveira" <doliveira@suse.com> >> To: ceph-devel@vger.kernel.org >> Cc: sweil@redhat.com >> Sent: Tuesday, July 19, 2016 1:38:31 PM >> Subject: Re: LDAP/KRB5 authentication mode >> >> Hi Team, >> >> I haven't heard anything back on this, so just wondering if we know who >> is working on this part of the project so we could help out?! >> >> Thanks, >> -Daniel >> >> >> On Thu, 2016-07-14 at 14:51 -0600, Daniel Oliveira wrote: >> > Hi, >> > >> > I've talking to Kefu/Badone about the work in question and would like >> > to help with that. >> > >> > Please, who should I talk to in order to understand where we are at >> > and then start working on it? >> > >> > Thanks, >> > -Daniel >> > >> -- >> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in >> the body of a message to majordomo@vger.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html >> > > -- > Matt Benjamin > Red Hat, Inc. > 315 West Huron Street, Suite 140A > Ann Arbor, Michigan 48103 > > http://www.redhat.com/en/technologies/storage > > tel. 734-707-0660 > fax. 734-769-8938 > cel. 734-216-5309 > -- > To unsubscribe from this list: send the line "unsubscribe ceph-devel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: LDAP/KRB5 authentication mode 2016-07-19 20:34 ` Gregory Farnum @ 2016-07-20 0:28 ` Brad Hubbard 2016-07-20 0:41 ` Gregory Farnum 0 siblings, 1 reply; 9+ messages in thread From: Brad Hubbard @ 2016-07-20 0:28 UTC (permalink / raw) To: Gregory Farnum; +Cc: Matt Benjamin, Daniel Oliveira, ceph-devel, Sage Weil On Wed, Jul 20, 2016 at 6:34 AM, Gregory Farnum <gfarnum@redhat.com> wrote: > On Tue, Jul 19, 2016 at 12:47 PM, Matt Benjamin <mbenjamin@redhat.com> wrote: >> Hi Daniel, >> >> Sorry you haven't gotten a response. There is work ongoing in the RGW standup related to using LDAP and krb5 (via STS) authentication systems in -RGW-. Please consider coming to an RGW standup to sync up and discuss (though some details like design writeups of course come to this list). >> >> If your interest is in general ceph and ceph messaging, I defer to others and other discussion--e.g., Msgr2. > > Yeah, I don't think any work has been done on integrating Kerberos > into the monitor for log-in and getting ceph tickets etc yet. :( > -Greg I believe Daniel is referring to Msgr2 here. Who's the best contact for auth integration work in regards to Msgr2? > >> >> Regards, >> >> Matt >> >> ----- Original Message ----- >>> From: "Daniel Oliveira" <doliveira@suse.com> >>> To: ceph-devel@vger.kernel.org >>> Cc: sweil@redhat.com >>> Sent: Tuesday, July 19, 2016 1:38:31 PM >>> Subject: Re: LDAP/KRB5 authentication mode >>> >>> Hi Team, >>> >>> I haven't heard anything back on this, so just wondering if we know who >>> is working on this part of the project so we could help out?! >>> >>> Thanks, >>> -Daniel >>> >>> >>> On Thu, 2016-07-14 at 14:51 -0600, Daniel Oliveira wrote: >>> > Hi, >>> > >>> > I've talking to Kefu/Badone about the work in question and would like >>> > to help with that. >>> > >>> > Please, who should I talk to in order to understand where we are at >>> > and then start working on it? >>> > >>> > Thanks, >>> > -Daniel >>> > >>> -- >>> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in >>> the body of a message to majordomo@vger.kernel.org >>> More majordomo info at http://vger.kernel.org/majordomo-info.html >>> >> >> -- >> Matt Benjamin >> Red Hat, Inc. >> 315 West Huron Street, Suite 140A >> Ann Arbor, Michigan 48103 >> >> http://www.redhat.com/en/technologies/storage >> >> tel. 734-707-0660 >> fax. 734-769-8938 >> cel. 734-216-5309 >> -- >> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in >> the body of a message to majordomo@vger.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html > -- > To unsubscribe from this list: send the line "unsubscribe ceph-devel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- Cheers, Brad ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: LDAP/KRB5 authentication mode 2016-07-20 0:28 ` Brad Hubbard @ 2016-07-20 0:41 ` Gregory Farnum 2016-07-20 0:51 ` Brad Hubbard 0 siblings, 1 reply; 9+ messages in thread From: Gregory Farnum @ 2016-07-20 0:41 UTC (permalink / raw) To: Brad Hubbard; +Cc: Matt Benjamin, Daniel Oliveira, ceph-devel, Sage Weil On Tue, Jul 19, 2016 at 5:28 PM, Brad Hubbard <bhubbard@redhat.com> wrote: > On Wed, Jul 20, 2016 at 6:34 AM, Gregory Farnum <gfarnum@redhat.com> wrote: >> On Tue, Jul 19, 2016 at 12:47 PM, Matt Benjamin <mbenjamin@redhat.com> wrote: >>> Hi Daniel, >>> >>> Sorry you haven't gotten a response. There is work ongoing in the RGW standup related to using LDAP and krb5 (via STS) authentication systems in -RGW-. Please consider coming to an RGW standup to sync up and discuss (though some details like design writeups of course come to this list). >>> >>> If your interest is in general ceph and ceph messaging, I defer to others and other discussion--e.g., Msgr2. >> >> Yeah, I don't think any work has been done on integrating Kerberos >> into the monitor for log-in and getting ceph tickets etc yet. :( >> -Greg > > I believe Daniel is referring to Msgr2 here. > > Who's the best contact for auth integration work in regards to Msgr2? There are msgr2 features designed to support this, but it's mostly the same thing. Or at least, you certainly aren't going to be checking external-server kerberos tickets every time a client connects to an OSD — if you're running a kerberos server, that client will authenticate on the monitor via kerberos, and then the monitor will give it a ceph-specific thing for connecting to other servers. :) Anyway, even if they weren't, I don't think any real work's been done beyond speccing out the protocol. -Greg -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: LDAP/KRB5 authentication mode 2016-07-20 0:41 ` Gregory Farnum @ 2016-07-20 0:51 ` Brad Hubbard 2016-07-20 0:54 ` Gregory Farnum 0 siblings, 1 reply; 9+ messages in thread From: Brad Hubbard @ 2016-07-20 0:51 UTC (permalink / raw) To: Gregory Farnum; +Cc: Matt Benjamin, Daniel Oliveira, ceph-devel, Sage Weil On Tue, Jul 19, 2016 at 05:41:20PM -0700, Gregory Farnum wrote: > On Tue, Jul 19, 2016 at 5:28 PM, Brad Hubbard <bhubbard@redhat.com> wrote: > > On Wed, Jul 20, 2016 at 6:34 AM, Gregory Farnum <gfarnum@redhat.com> wrote: > >> On Tue, Jul 19, 2016 at 12:47 PM, Matt Benjamin <mbenjamin@redhat.com> wrote: > >>> Hi Daniel, > >>> > >>> Sorry you haven't gotten a response. There is work ongoing in the RGW standup related to using LDAP and krb5 (via STS) authentication systems in -RGW-. Please consider coming to an RGW standup to sync up and discuss (though some details like design writeups of course come to this list). > >>> > >>> If your interest is in general ceph and ceph messaging, I defer to others and other discussion--e.g., Msgr2. > >> > >> Yeah, I don't think any work has been done on integrating Kerberos > >> into the monitor for log-in and getting ceph tickets etc yet. :( > >> -Greg > > > > I believe Daniel is referring to Msgr2 here. > > > > Who's the best contact for auth integration work in regards to Msgr2? > > There are msgr2 features designed to support this, but it's mostly the > same thing. Or at least, you certainly aren't going to be checking > external-server kerberos tickets every time a client connects to an > OSD — if you're running a kerberos server, that client will > authenticate on the monitor via kerberos, and then the monitor will > give it a ceph-specific thing for connecting to other servers. :) > > Anyway, even if they weren't, I don't think any real work's been done > beyond speccing out the protocol. Perhaps a little background is in order heere. Recently Daniel approached Kefu and myself on IRC having just completed a project and looking for his next task. Since he had history working in the Identity Management space we suggested that leveraging his existing talents in that area may be a good idea and suggested he send an email to the list sounding out the best people to talk to in regard to that area. If we have no projects currently that relate to IDM with work under way then I guess Daniel will need to look in another area? > -Greg -- Cheers, Brad -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: LDAP/KRB5 authentication mode 2016-07-20 0:51 ` Brad Hubbard @ 2016-07-20 0:54 ` Gregory Farnum 2016-07-20 1:06 ` Brad Hubbard 0 siblings, 1 reply; 9+ messages in thread From: Gregory Farnum @ 2016-07-20 0:54 UTC (permalink / raw) To: Brad Hubbard; +Cc: Matt Benjamin, Daniel Oliveira, ceph-devel, Sage Weil On Tue, Jul 19, 2016 at 5:51 PM, Brad Hubbard <bhubbard@redhat.com> wrote: > On Tue, Jul 19, 2016 at 05:41:20PM -0700, Gregory Farnum wrote: >> On Tue, Jul 19, 2016 at 5:28 PM, Brad Hubbard <bhubbard@redhat.com> wrote: >> > On Wed, Jul 20, 2016 at 6:34 AM, Gregory Farnum <gfarnum@redhat.com> wrote: >> >> On Tue, Jul 19, 2016 at 12:47 PM, Matt Benjamin <mbenjamin@redhat.com> wrote: >> >>> Hi Daniel, >> >>> >> >>> Sorry you haven't gotten a response. There is work ongoing in the RGW standup related to using LDAP and krb5 (via STS) authentication systems in -RGW-. Please consider coming to an RGW standup to sync up and discuss (though some details like design writeups of course come to this list). >> >>> >> >>> If your interest is in general ceph and ceph messaging, I defer to others and other discussion--e.g., Msgr2. >> >> >> >> Yeah, I don't think any work has been done on integrating Kerberos >> >> into the monitor for log-in and getting ceph tickets etc yet. :( >> >> -Greg >> > >> > I believe Daniel is referring to Msgr2 here. >> > >> > Who's the best contact for auth integration work in regards to Msgr2? >> >> There are msgr2 features designed to support this, but it's mostly the >> same thing. Or at least, you certainly aren't going to be checking >> external-server kerberos tickets every time a client connects to an >> OSD — if you're running a kerberos server, that client will >> authenticate on the monitor via kerberos, and then the monitor will >> give it a ceph-specific thing for connecting to other servers. :) >> >> Anyway, even if they weren't, I don't think any real work's been done >> beyond speccing out the protocol. > > Perhaps a little background is in order heere. > > Recently Daniel approached Kefu and myself on IRC having just completed a > project and looking for his next task. Since he had history working in the > Identity Management space we suggested that leveraging his existing talents in > that area may be a good idea and suggested he send an email to the list > sounding out the best people to talk to in regard to that area. > > If we have no projects currently that relate to IDM with work under way then I > guess Daniel will need to look in another area? Unless he wants to drive the monitor integration? It's not really my charge, but obviously we have discussed it several times so there's some guidance available. (Sage and Matt, probably.) Otherwise, yeah, better find a project that has actual development and not just design work going on so far. :) -Greg -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: LDAP/KRB5 authentication mode 2016-07-20 0:54 ` Gregory Farnum @ 2016-07-20 1:06 ` Brad Hubbard 0 siblings, 0 replies; 9+ messages in thread From: Brad Hubbard @ 2016-07-20 1:06 UTC (permalink / raw) To: Gregory Farnum; +Cc: Matt Benjamin, Daniel Oliveira, ceph-devel, Sage Weil On Wed, Jul 20, 2016 at 10:54 AM, Gregory Farnum <gfarnum@redhat.com> wrote: > On Tue, Jul 19, 2016 at 5:51 PM, Brad Hubbard <bhubbard@redhat.com> wrote: >> On Tue, Jul 19, 2016 at 05:41:20PM -0700, Gregory Farnum wrote: >>> On Tue, Jul 19, 2016 at 5:28 PM, Brad Hubbard <bhubbard@redhat.com> wrote: >>> > On Wed, Jul 20, 2016 at 6:34 AM, Gregory Farnum <gfarnum@redhat.com> wrote: >>> >> On Tue, Jul 19, 2016 at 12:47 PM, Matt Benjamin <mbenjamin@redhat.com> wrote: >>> >>> Hi Daniel, >>> >>> >>> >>> Sorry you haven't gotten a response. There is work ongoing in the RGW standup related to using LDAP and krb5 (via STS) authentication systems in -RGW-. Please consider coming to an RGW standup to sync up and discuss (though some details like design writeups of course come to this list). >>> >>> >>> >>> If your interest is in general ceph and ceph messaging, I defer to others and other discussion--e.g., Msgr2. >>> >> >>> >> Yeah, I don't think any work has been done on integrating Kerberos >>> >> into the monitor for log-in and getting ceph tickets etc yet. :( >>> >> -Greg >>> > >>> > I believe Daniel is referring to Msgr2 here. >>> > >>> > Who's the best contact for auth integration work in regards to Msgr2? >>> >>> There are msgr2 features designed to support this, but it's mostly the >>> same thing. Or at least, you certainly aren't going to be checking >>> external-server kerberos tickets every time a client connects to an >>> OSD — if you're running a kerberos server, that client will >>> authenticate on the monitor via kerberos, and then the monitor will >>> give it a ceph-specific thing for connecting to other servers. :) >>> >>> Anyway, even if they weren't, I don't think any real work's been done >>> beyond speccing out the protocol. >> >> Perhaps a little background is in order heere. >> >> Recently Daniel approached Kefu and myself on IRC having just completed a >> project and looking for his next task. Since he had history working in the >> Identity Management space we suggested that leveraging his existing talents in >> that area may be a good idea and suggested he send an email to the list >> sounding out the best people to talk to in regard to that area. >> >> If we have no projects currently that relate to IDM with work under way then I >> guess Daniel will need to look in another area? > > Unless he wants to drive the monitor integration? It's not really my > charge, but obviously we have discussed it several times so there's > some guidance available. (Sage and Matt, probably.) > > Otherwise, yeah, better find a project that has actual development and > not just design work going on so far. :) Thanks for the insight Greg. > -Greg -- Cheers, Brad -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2016-07-20 1:06 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-07-14 20:51 LDAP/KRB5 authentication mode Daniel Oliveira 2016-07-19 17:38 ` Daniel Oliveira 2016-07-19 19:47 ` Matt Benjamin 2016-07-19 20:34 ` Gregory Farnum 2016-07-20 0:28 ` Brad Hubbard 2016-07-20 0:41 ` Gregory Farnum 2016-07-20 0:51 ` Brad Hubbard 2016-07-20 0:54 ` Gregory Farnum 2016-07-20 1:06 ` Brad Hubbard
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.