Shared Secret Key Authentication And Encryption

Introduction
Shared Key offers:

 * Isolation
   * Prevents clients from mounting without the shared key
   * Groups and isolates NID ranges to a specific key (with UID/GID mapping)
 * Message Integrity
   * Prevents man-in-the-middle attacks
   * Ensures RPCs cannot be altered without detection
 * Privacy
   * Prevents eavesdropping
   * Encrypts RPCs
 * Ability to choose security flavors between OSS, MDS, MGS, and client nodes, as site policy dictates

Resources

 * IU Shared Secret Key authentication and encryption (LU-3289)
 * OpenSFS Contract SFS-DEV-002
 * Shared Key Scope v2
 * Shared Key Architecture
 * Shared Key High Level Design
 * Shared Key RPC Diagram
 * Kerberos Setup Guide

Presentations

 * Securing Lustre with Nodemap and Shared Key (Lustre Ecosystem 2016)
 * Using UID Mapping in Lustre 2.7 and GSS Shared Key Update (LUG 2015)