Cephx authentication
The cephx protocol is enabled by default.
Cryptographic authentication has some computational costs, though they are generally low. If the
network environment connecting clients and hosts is considered safe and you cannot afford
authentication computational costs, you can disable it. When deploying a Ceph storage cluster, the
deployment tool creates the client.admin user and keyring.
Important: Use authentication. If authentication is disabled you are at risk of a
man-in-the-middle attack altering client and server messages, which can lead to significant security
issues.
Enabling and disabling Cephx
Enabling Cephx requires that you have deployed keys for the Ceph Monitors and OSDs. When toggling Cephx authentication on or off, you do not have to repeat the deployment procedures.