[Gluster-users] Password *and* IP authentication

Raghavendra G raghavendra.hg at gmail.com
Mon Oct 20 05:54:31 UTC 2008

Hi Andrew,
comments are inlined.

On Fri, Oct 17, 2008 at 12:35 PM, Andrew McGill <list2008 at lunch.za.net>wrote:

> When I set up a server volume with this configuration with both IP and
> user/password authentication, access to the volume is permitted based on
> the
> source IP address only.
> Is there a way of requiring both IP address AND user/password
> authentication?
> (IP authentication is insecure, since it can be spoofed from the local
> network, but login authentication is worse, since it can be used.)  (I
> suspect the answer is no at the moment, judging by the code...)

yes, its possible to configure  so that both IP and password based
authentication are required. For more details look into

> As a more general question, can multiple authentication methods be required
> for a server?
> # config snippet ...
> volume server
>  type protocol/server
>  option transport-type tcp/server
>  subvolumes brick
>  option auth.ip.brick.allow # Allow access to "brick" volume
>  option auth.login.brick.allow john
>  option auth.login.joe.password bigsecret
> end-volume

option auth.ip.brick.reject ! #reject all clients other than
option auth.login.brick.allow john
option auth.login.joe.password bigsecret

authentication works on the principle that "In order to allow access to a
client, none of the authentication methods configured should reject the
client and atleast one of the methods should accept the client"

> _______________________________________________
> Gluster-users mailing list
> Gluster-users at gluster.org
> http://zresearch.com/cgi-bin/mailman/listinfo/gluster-users


Raghavendra G
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://supercolony.gluster.org/pipermail/gluster-users/attachments/20081020/d4559434/attachment.html>

More information about the Gluster-users mailing list