Hi, everyone. According to the documentation, “auth_cluster_required” means that “the Ceph Storage Cluster daemons (i.e., ceph-mon, ceph-osd, and ceph-mds) must authenticate with each other”. So, I guess if I only need to verify the client, then "auth_cluster_required" doesn't need to be enabled. However, when I disable "auth_cluster_required" while leaving the other two configuration items enabled, the clients can't finish the verification phase, due to the osd doesn't have the service_secret that required in hand. I did some reading of the cephx's source code, it seems that the reason for this phenomenon is that when the MonClient is communicating with monitor on behalf of OSD/MON/MDS, whether it uses cephx is based on the configuration of "auth_cluster_required" and if it is disabled it won't go through the authentication phase with monitors and as a result, it won't get the service_secrets.
It is supposed to be like this? I mean it seems that since there are three configuration items for cephx, it should be able to disable one of them while the system still run regularly. Otherwise, why three? Please help me, thank you:-) _______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
