Authentication considerations
To enable read and write access to directories and files for the users on the IBM Storage Scale system, you must configure user authentication on the system. Only one user authentication method, and only one instance of that method, can be supported.
- ✓: Supported
- X: Not supported
- NA: Not applicable
| Authentication method | ID-mapping method | File | |||||
|---|---|---|---|---|---|---|---|
| SMB | SMB with Kerberos | NFSV3 | NFSV3 with Kerberos | NFSV4 | NFSV4 with Kerberos | ||
| User-defined | User-defined | NA | NA | NA | NA | NA | NA |
| LDAP with TLS | LDAP | ✓ | NA | ✓ | NA | ✓ | NA |
| LDAP with Kerberos | LDAP | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| LDAP with Kerberos and TLS | LDAP | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| LDAP without TLS and without Kerberos | LDAP | ✓ | NA | ✓ | NA | ✓ | NA |
| LDAP with SSL | NA | NA | NA | NA | NA | NA | |
| AD | Automatic | ✓ | ✓ | X | X | X | X |
| AD | RFC2307 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| AD | LDAP | ✓ | ✓ | ✓ | X | X | X |
| AD with SSL | NA | NA | NA | NA | NA | NA | |
| AD with TLS | NA | NA | NA | NA | NA | NA | |
| Network Information Service (NIS) | NIS | NA | NA | ✓ | NA | ✓ | NA |
| Local | None | NA | NA | NA | NA | NA | NA |
| Local (OpenStack Keystone) | None | NA | NA | NA | NA | NA | NA |
| Local (OpenStack Keystone) with SSL | None | NA | NA | NA | NA | NA | NA |
- NIS authentication is not supported for RHEL 9.
- In the user-defined mode, the customer is free to choose the authentication and ID-mapping methods and manage on their own. That is, the authentication needs to be configured by the administrator outside of the IBM Storage Scale commands and ensure that it is common and consistent across the cluster.
- If LDAP-based authentication is used, ACL management for SMB is not supported.
Unified identity in protocols: In this case, we need to ensure that the users get the same user UID and GID across NFS and SMB.
The authentication requests that are received from the client systems are handled by the corresponding services in the IBM Storage Scale system. For example, if a user needs to access the NFS data, the NFS services resolves the access request by interacting with the corresponding authentication and ID-mapping servers.
For more information about how to configure authentication, see Managing protocol user authentication.
For more planning information, for example, prerequisites, see Configuring authentication and ID mapping for file access.