Hi,
On 02.10.20 14:38, Alessandro Piazza wrote:
However, from the Ceph docs, I can't understand if
this might be a correct use-case for Ceph since the default authentication method CephX
doesn't have a standard username/password authentication protocol.
CephX is to authenticate the client process against the Ceph cluster,
not the human user of the data.
After mounting the CephFS you have user permissions including ACLs in
the filesystem like in any other local filesystem.
But: I would not recommend mounting CephFS to random user workstations
as they can impersonate any User ID locally.
The recommended way is to run a Samba cluster using CephFS as backend.
Your users would then authenticate against Samba which would need to
speak to your LDAP/Kerberos.
Regards
--
Robert Sander
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin
https://www.heinlein-support.de
Tel: 030 / 405051-43
Fax: 030 / 405051-19
Amtsgericht Berlin-Charlottenburg - HRB 93818 B
Geschäftsführer: Peer Heinlein - Sitz: Berlin