Bug 1647650

Description of problem:

In the Admin Guide under "Chapter 5 User Management" [1] in the beginning there is no mention that cephx is the name of the authentication system that ceph uses.

Then it is mentioned without explanation under "5.1.1. User" [2]:

"The reason for user typing is that Ceph monitors, and OSDs also use the Cephx protocol, but they are not clients." It's also odd it's mentioned as if it were previously referenced ("also").

Finally under "5.5. Limitations" cephx is described [3]

"The cephx protocol authenticates Ceph clients and servers to each other."

In the File System Guide there are several occurrences of "If you use the cephx authentication..." before instructions to do something required in that case.

Personally, as someone who is not yet very experienced with Ceph, I didn't know if I used cephfx. The way it was presented I interpreted it as if it were an optional thing and I didn't remember setting it up explicitly so I skipped doing  a step related to it (https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html-single/ceph_file_system_guide/#creating-ceph-file-system-client-users).

Later I found things didn't work.

Finally I searched the admin guide and I saw this under "Chapter 5. User Management" [4]

"When Ceph runs with authentication and authorization enabled (enabled by default),"

But as I mentioned in the beginning of this report, there is no mention that cephx is the protocol/authentication system ceph uses. 

In the Data Security and Hardening Guide under "4.1. Ceph Storage Cluster User Access" [5] it explains cephfx is the auth system right away:

"To identify users and protect against man-in-the-middle attacks, Ceph provides its cephx authentication system to authenticate users and daemons."

Finally, I got my answer.

I think the Admin Guide should say that cephx is the auth system and/or protocol Ceph uses for user management in the beginning of the content on users/auth.

Also, in the File System Guide, I think it would be better if instead of saying this:

"If you use the cephx authentication, you must create a user for Ceph File System clients with correct authentication capabilities on a Monitor node and copy it to the node where the Ceph File System will be mounted. "

It should say something like this:

"If using the cephx authentication system, which is enabled by default, you must create a user..."
 

1) https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html-single/administration_guide/#user_management

2) https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html-single/administration_guide/#user

3) https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html-single/administration_guide/#limitations

4) https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html-single/administration_guide/#user_management

5) https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html-single/data_security_and_hardening_guide/#ceph-storage-cluster-user-access-security

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info: