Shared Secret Key Authentication And Encryption

Introduction

Shared Key offers

• Isolation
  • Prevents clients from mounting without the shared key
  • Group and isolate NID ranges to a specific key (with UID/GID Mapping)

• Message Integrity
  • Prevents man-in-the-middle attacks
  • Ensure RPCs cannot be altered without detection

• Privacy
  • Prevents eavesdropping
  • Encryption of RPCs

• Ability to choose security flavors between OSS, MDS, MGS, and client nodes, as site policy dictates

Resources

• IU Shared Secret Key authentication and encryption (LU-3289)
• OpenSFS Contract SFS-DEV-002
  • Shared Key Scope v2
  • Shared Key Architecture
  • Shared Key High Level Design
  • Shared Key RPC Diagram
  • Kerberos Setup Guide

Presentations

• Securing Lustre with Nodemap and Shared Key (Lustre Ecosystem 2016)
• Using UID Mapping in Lustre 2.7 and GSS Shared Key Update (LUG 2015)