Shared Secret Key Authentication And Encryption

From Lustre Wiki
Jump to: navigation, search

Introduction

Shared Key offers

  • Isolation
    • Prevents clients from mounting without the shared key
    • Group and isolate NID ranges to a specific key (with UID/GID Mapping)
  • Message Integrity
    • Prevents man-in-the-middle attacks
    • Ensure RPCs cannot be altered without detection
  • Privacy
    • Prevents eavesdropping
    • Encryption of RPCs
  • Ability to choose security flavors between OSS, MDS, MGS, and client nodes, as site policy dictates

Resources

Presentations