Shared Secret Key Authentication And Encryption

From Lustre Wiki
Revision as of 12:40, 29 June 2016 by KenRawlings (adding opensfs contract resources section)

Introduction

Shared Key offers:

  • Isolation
    • Prevents clients from mounting without the shared key
    • Groups and isolates NID ranges to a specific key (with UID/GID Mapping)
  • Message Integrity
    • Prevents man-in-the-middle attacks
    • Ensures RPCs cannot be altered without detection
  • Privacy
    • Prevents eavesdropping
    • Encryption of RPCs
  • Ability to choose security flavors between OSS, MDS, MGS, and client nodes, as site policy dictates

Resources

Presentations