[Bugs] [Bug 1568844] [snapshot-scheduler] Prevent access of shared storage volume from the outside client
bugzilla at redhat.com
bugzilla at redhat.com
Sun Apr 22 03:03:42 UTC 2018
https://bugzilla.redhat.com/show_bug.cgi?id=1568844
--- Comment #5 from Worker Ant <bugzilla-bot at gluster.org> ---
COMMIT: https://review.gluster.org/19899 committed in master by "Shyamsundar
Ranganathan" <srangana at redhat.com> with a commit message- server/auth: add
option for strict authentication
When this option is enabled, we will check for a matching
username and password, if not found then the connection will
be rejected. This also does a checksum validation of volfile
The option is invalid when SSL/TLS is in use, at which point
the SSL/TLS certificate user name is used to validate and
hence authorize the right user. This expects TLS allow rules
to be setup correctly rather than the default *.
This option is not settable, as a result this cannot be enabled
for volumes using the CLI. This is used with the shared storage
volume, to restrict access to the same in non-SSL/TLS environments
to the gluster peers only.
Tested:
./tests/bugs/protocol/bug-1321578.t
./tests/features/ssl-authz.t
- Ran tests on volumes with and without strict auth
checking (as brick vol file needed to be edited to test,
or rather to enable the option)
- Ran tests on volumes to ensure existing mounts are
disconnected when we enable strict checking
Change-Id: I2ac4f0cfa5b59cc789cc5a265358389b04556b59
fixes: bz#1568844
Signed-off-by: Mohammed Rafi KC <rkavunga at redhat.com>
Signed-off-by: ShyamsundarR <srangana at redhat.com>
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=2vGFUKf7xG&a=cc_unsubscribe
More information about the Bugs
mailing list