author | Zac Dover <zac.dover@proton.me> | 2023-09-25 06:34:06 +0200 |
---|---|---|
committer | Zac Dover <zac.dover@proton.me> | 2023-09-25 06:53:29 +0200 |
commit | cb680a7865c4766d54d535889ec1517a0e84b5b5 (patch) | |
tree | 29dc62f48f3b55e953612553233347fc98738beb /doc/architecture.rst | |
parent | Merge pull request #53575 from rkachach/fix_issue_62838 (diff) | |
doc/architecture: edit "HA Authentication"
Edit "High Availability Authentication" in doc/architecture.rst.
Co-authored-by: Anthony D'Atri <anthony.datri@gmail.com>
Signed-off-by: Zac Dover <zac.dover@proton.me>
Diffstat (limited to 'doc/architecture.rst')
-rw-r--r-- | doc/architecture.rst | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/doc/architecture.rst b/doc/architecture.rst index fd25fec18f4..bedbc1c20b9 100644 --- a/doc/architecture.rst +++ b/doc/architecture.rst @@ -317,10 +317,11 @@ and uses it to sign requests to OSDs and to metadata servers in the cluster. |<----+ | -The ``cephx`` protocol authenticates ongoing communications between the client -machine and the Ceph servers. Each message sent between a client and server, -subsequent to the initial authentication, is signed using a ticket that the -monitors, OSDs and metadata servers can verify with their shared secret. +The ``cephx`` protocol authenticates ongoing communications between the clients +and Ceph daemons. After initial authentication, each message sent between a +client and a daemon is signed using a ticket that can be verified by monitors, +OSDs, and metadata daemons. This ticket is verified by using the secret shared +between the client and the daemon. .. ditaa:: @@ -356,12 +357,11 @@ monitors, OSDs and metadata servers can verify with their shared secret. |<-------------------------------------------| receive response -The protection offered by this authentication is between the Ceph client and the -Ceph server hosts. The authentication is not extended beyond the Ceph client. If -the user accesses the Ceph client from a remote host, Ceph authentication is not +This authentication protects only the connections between Ceph clients and Ceph +daemons. The authentication is not extended beyond the Ceph client. If a user +accesses the Ceph client from a remote host, cephx authentication will not be applied to the connection between the user's host and the client host. - See `Cephx Config Guide`_ for more on configuration details. See `User Management`_ for more on user management. |
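Review bot: In the @@ -317 hunk, the last added sentence ("This ticket is verified by using the secret shared between the client and the daemon") changes whose secret is involved. The removed text said the monitors, OSDs and metadata servers verify the ticket "with their shared secret", which reads as a secret held among the servers, not one shared with the client. If only the wording was meant to change, keep the original attribution, for example "a ticket that the monitors, OSDs, and metadata servers can verify with their shared secret". If the new statement is intended, the commit message should say the description was corrected, not just edited. The added "metadata daemons" also differs from "metadata servers" in the context line shown in the hunk header; pick one term.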
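Review bot: At the end of the @@ -356 hunk, the blank line before "See `Cephx Config Guide`_ for more on configuration details." is deleted, so in reStructuredText the two "See ..." sentences become part of the preceding paragraph instead of forming their own. Restore the blank line unless the merge is intended. In the same hunk, "cephx authentication will not be applied" writes cephx without the literal markup that the first hunk uses (``cephx``); mark it up the same way for consistency.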