[bug #17291] glusterfsd - clients should be authenticated and handshake versions

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[bug #17291] glusterfsd - clients should be authenticated and handshake versions

Eric L.-2

URL:
  <http://savannah.nongnu.org/bugs/?func=detailitem&item_id=17291>

                 Summary: glusterfsd - clients should be authenticated  and
handshake versions
                 Project: Gluster
            Submitted by: avati
            Submitted on: Thursday 08/03/2006 at 18:03
                Category: GlusterFS
                Severity: 4 - Important
                Priority: 5 - Normal
              Item Group: Missing Feature
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
        Operating System: GNU/Linux

    _______________________________________________________

Details:

clients should be authenticated. possibilities -

a. ip list
b. password
c. certificates

they should handshake and approve on each others protocol versions







    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?func=detailitem&item_id=17291>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/



_______________________________________________
Gluster-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/gluster-devel
Reply | Threaded
Open this post in threaded view
|

[bug #17291] glusterfsd - clients should be authenticated and handshake versions

Eric L.-2

Update of bug #17291 (project gluster):

             Assigned to:                    None => amarts                

    _______________________________________________________

Follow-up Comment #1:

The handshake should also select the volume to be mounted.

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?func=detailitem&item_id=17291>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/



_______________________________________________
Gluster-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/gluster-devel
Reply | Threaded
Open this post in threaded view
|

[bug #17291] glusterfsd - clients should be authenticated and handshake versions

Eric L.-2

Update of bug #17291 (project gluster):

                  Status:                    None => In Progress            


    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?func=detailitem&item_id=17291>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/



_______________________________________________
Gluster-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/gluster-devel
Reply | Threaded
Open this post in threaded view
|

[bug #17291] glusterfsd - clients should be authenticated and handshake versions

Eric L.-2

Follow-up Comment #2, bug #17291 (project gluster):

Basic Export works now. Few more condition checks need to be implemented.

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?func=detailitem&item_id=17291>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/



_______________________________________________
Gluster-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/gluster-devel
Reply | Threaded
Open this post in threaded view
|

[bug #17291] glusterfsd - clients should be authenticated and handshake versions

Eric L.-2

Update of bug #17291 (project gluster):

              Item Group:         Missing Feature => Improper behaviour    

    _______________________________________________________

Follow-up Comment #3:

valid client IP lists + asserting client source port < 1024 should be the
first level of implementation. At a later point certificate based
authentication may be introduced.

IP validation happens at the time of 'attaching remote volume' where each
node specifies its AllowedIP list.

for clients source port > 1024, only management read-only commands may be
provided

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?func=detailitem&item_id=17291>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/



_______________________________________________
Gluster-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/gluster-devel
Reply | Threaded
Open this post in threaded view
|

[bug #17291] glusterfsd - clients should be authenticated and handshake versions

Eric L.-2

Update of bug #17291 (project gluster):

                  Status:             In Progress => Fixed                  
             Open/Closed:                    Open => Closed                

    _______________________________________________________

Follow-up Comment #4:

basic ip verification and port < 1024 (for checking if its root) is done.

client side option in spec file.
---
Option RemoteSubVolume Union
---

server side option in spec file.
---
Option AllowIP 192.168.1.*,127.0.0.1
---

Other authentication methods are postponed later versions.


    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?17291>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/



_______________________________________________
Gluster-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/gluster-devel