Cephx configuration options
The following are Cephx configuration options that can be set up during deployment.
auth_cluster_requiredDescription
Valid settings arecephxornone.auth_service_requiredDescription
Valid settings arecephxornone.auth_client_requiredDescription
If enabled, the IBM Storage Ceph cluster daemons require Ceph clients to authenticate with the IBM Storage Ceph cluster in order to access Ceph services. Valid settings arecephxornone.keyringDescription
The path to the keyring file.keyfileDescription
The path to a key file (that is. a file containing only the key).keyDescription
The key (that is, the text string of the key itself). Not recommended.ceph-monLocation
$mon_data/keyringceph-osdLocation
$osd_data/keyringradosgwLocation
$rgw_data/keyringcephx_require_signaturesDescription
If set totrue, Ceph requires signatures on all message traffic between the Ceph client and the IBM Storage Ceph cluster, and between daemons comprising the IBM Storage Ceph cluster.cephx_cluster_require_signaturesDescription
If set totrue, Ceph requires signatures on all message traffic between Ceph daemons comprising the IBM Storage Ceph cluster.cephx_service_require_signaturesDescription
If set totrue, Ceph requires signatures on all message traffic between Ceph clients and the IBM Storage Ceph cluster.cephx_sign_messagesDescription
If the Ceph version supports message signing, Ceph will sign all messages so they cannot be spoofed.auth_service_ticket_ttlDescription
When the IBM Storage Ceph cluster sends a Ceph client a ticket for authentication, the cluster assigns the ticket a time to live.