Shared Secret Key Authentication And Encryption: Difference between revisions
Jump to navigation
Jump to search
KenRawlings (talk | contribs) (initial creation) |
KenRawlings (talk | contribs) (adding opensfs contract resources section) |
||
| Line 19: | Line 19: | ||
== Resources == | == Resources == | ||
* [https://jira.hpdd.intel.com/browse/LU-3289 IU Shared Secret Key authentication and encryption (LU-3289)] | * [https://jira.hpdd.intel.com/browse/LU-3289 IU Shared Secret Key authentication and encryption (LU-3289)] | ||
* [http://wiki.opensfs.org/Contract_SFS-DEV-002 OpenSFS Contract SFS-DEV-002] | |||
** [http://wiki.opensfs.org/File:Shared_keys_scope_v2.pdf Shared Key Scope v2] | |||
** [http://wiki.opensfs.org/File:Shared_keys_architecture.pdf Shared Key Architecture] | |||
** [http://wiki.opensfs.org/File:Shared_keys_HLD.docx Shared Key High Level Design] | |||
** [http://wiki.opensfs.org/File:Shared_keys_RPC_diagram.pdf Shared Key RPC Diagram] | |||
** [http://wiki.opensfs.org/File:Kerberos_setup_guide.pdf Kerberos Setup Guide] | |||
== Presentations == | == Presentations == | ||
Latest revision as of 12:40, 29 June 2016
Introduction
Shared Key offers
- Isolation
- Prevents clients from mounting without the shared key
- Group and isolate NID ranges to a specific key (with UID/GID Mapping)
- Message Integrity
- Prevents man-in-the-middle attacks
- Ensure RPCs cannot be altered without detection
- Privacy
- Prevents eavesdropping
- Encryption of RPCs
- Ability to choose security flavors between OSS, MDS, MGS, and client nodes, as site policy dictates