[Gluster-users] Password *and* IP authentication

Raghavendra G raghavendra.hg at gmail.com
Mon Oct 20 05:54:31 UTC 2008


Hi Andrew,
comments are inlined.

On Fri, Oct 17, 2008 at 12:35 PM, Andrew McGill <list2008 at lunch.za.net>wrote:

> When I set up a server volume with this configuration with both IP and
> user/password authentication, access to the volume is permitted based on
> the
> source IP address only.
>
> Is there a way of requiring both IP address AND user/password
> authentication?
> (IP authentication is insecure, since it can be spoofed from the local
> network, but login authentication is worse, since it can be used.)  (I
> suspect the answer is no at the moment, judging by the code...)


yes, its possible to configure  so that both IP and password based
authentication are required. For more details look into
glusterfs-src/doc/authentication.txt


>
> As a more general question, can multiple authentication methods be required
> for a server?
>
> # config snippet ...
>
> volume server
>  type protocol/server
>  option transport-type tcp/server
>  subvolumes brick
>
>  option auth.ip.brick.allow 192.168.0.19 # Allow access to "brick" volume
>  option auth.login.brick.allow john
>  option auth.login.joe.password bigsecret
> end-volume
>

option auth.ip.brick.reject !192.168.0.19 #reject all clients other than
192.168.0.19
option auth.login.brick.allow john
option auth.login.joe.password bigsecret

authentication works on the principle that "In order to allow access to a
client, none of the authentication methods configured should reject the
client and atleast one of the methods should accept the client"


>
> _______________________________________________
> Gluster-users mailing list
> Gluster-users at gluster.org
> http://zresearch.com/cgi-bin/mailman/listinfo/gluster-users
>

regards,

-- 
Raghavendra G
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://supercolony.gluster.org/pipermail/gluster-users/attachments/20081020/d4559434/attachment.html>


More information about the Gluster-users mailing list