Red Hat Summit Red Hat SummitSupportConsoleDéveloppeursCommencer un essaiContact

Ce contenu n'est pas disponible dans la langue sélectionnée.

20.7. Deauthorizing a Client

To revoke the authorization of a client to access the Red Hat Gluster Storage trusted storage pool, you can do any of the following:
  • Remove an authorized client from the allowed list
  • Revoke SSL/TLS certificate authorization through a certificate revocation list (CRL)

20.7.1. To Remove an Authorized Client From the Allowed List
Copier lien

Procedure 20.12. Removing an authorized client from the allowed list

  1. List currently authorized clients and servers

    $ gluster volume get VOLNAME auth.ssl-allow
    Copy to Clipboard Toggle word wrap
    For example, the following command shows that there are three authorized servers and five authorized clients. 
    $ gluster volume get sample_volname auth.ssl-allow
server1,server2,server3,client1,client2,client3,client4,client5
    Copy to Clipboard Toggle word wrap

  2. Remove clients to deauthorize from the output

    For example, if you want to deauthorize client2 and client4, copy the string and remove those clients from the list. 
    server1,server2,server3,client1,client3,client5
    Copy to Clipboard Toggle word wrap

  3. Set the new list of authorized clients and servers

    Set the value of auth.ssl-allow to your updated string. 
    $ gluster volume set VOLNAME auth.ssl-allow <list_of_systems>
    Copy to Clipboard Toggle word wrap
    For example, the updated list shows three servers and three clients. 
    $ gluster volume set sample_volname auth.ssl-allow server1,server2,server3,client1,client3,client5
    Copy to Clipboard Toggle word wrap
To protect the cluster from malicious or unauthorized network entities, you can specify a path to a directory containing SSL certificate revocation list (CRL) using the ssl.crl-path option. The path containing the list of revoked certificates enables server nodes to stop the nodes with revoked certificates from accessing the cluster.
For example, you can provide the path to a directory containing CRL with the volume set command as follows: 
$ gluster volume set vm-images ssl.crl-path /etc/ssl/
Copy to Clipboard Toggle word wrap

Note

Only the CA signed certificates can be revoked and not the self-signed certificates
To set up the CRL files, perform the following:
  1. Copy the CRL files to a directory.
  2. Change directory to the directory containing CRL files.
  3. Compute hashes to the CRL files using the c_rehash utility. 
    $ c_rehash .
    Copy to Clipboard Toggle word wrap
    The hash and symbolic linking can be done using the c_rehash utility, which is available through the openssl-perl RPM. The name of the symbolic link must be the hash of the Common Name. For more information, see the crl man page.
  4. Set the ssl.crl-path volume option. 
    $ gluster volume set VOLNAME ssl.crl-path path-to-directory
    Copy to Clipboard Toggle word wrap
    where, path-to-directory has to be an absolute name of the directory that hosts the CRL files.
Retour au début
Red Hat logoGithubredditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance. Découvrez nos récentes mises à jour.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez le Blog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

Theme

© 2025 Red Hat