Discarding authentication tickets

Virtual Storage Platform One SDS Block System Administrator Guide

Version
1.15.x
Audience
anonymous
Part Number
MK-24VSP1SDS001-02

Discard all the authentication tickets that were previously issued.

Perform discarding of authentication tickets in the following cases:

  • An authentication ticket is lost.

  • A security incident such as theft has occurred.

  • Customer support issued an authentication ticket.

  • The configuration information was restored.

If discarding of the authentication tickets cannot be reflected on some of the storage nodes (due to a failure or other reason), an event log indicating such storage nodes is notified.

  • Required role: Security

  1. Discard the authentication tickets.

    REST API: POST /v1/objects/tickets/actions/revoke-all/invoke

    CLI: ticket_revoke_all

    Verify the job ID which is displayed after the command is run.

  2. Verify the state of the job by specifying the job ID.

    REST API: GET /v1/objects/jobs/<jobId>

    CLI: job_show

    After running the command, if you receive a response indicating "Succeeded" as the state, the job is completed. Go to step 5.

    If the job is unsuccessful, go to steps 3 and 4.

  3. If discarding of the authentication ticket cannot be successfully performed on some of the storage nodes, it is notified in an event log. Verify the event log and identify the unsuccessful storage node.
  4. Verify the status of the identified storage node. If it is blocked, perform maintenance recovery or maintenance replacement. If the storage node is not blocked, perform maintenance blocking, and then perform maintenance recovery or maintenance replacement.
  5. After the authentication tickets are successfully discarded, notify all the users having the Service role and Security role of discarding of the authentication tickets and request them to re-create an authentication ticket.