[ClusterLabs] Question regarding the security of corosync
Andrei Borzenkov
arvidjaar at gmail.com
Wed Jun 22 01:12:37 EDT 2022
On 22.06.2022 02:27, Antony Stone wrote:
> On Friday 17 June 2022 at 11:39:14, Mario Freytag wrote:
>
>> I’d like to ask about the security of corosync. We’re using a Proxmox HA
>> setup in our testing environment and need to confirm it’s compliance with
>> PCI guidelines.
>>
>> We have a few questions:
>>
>> Is the communication encrypted?
>> What method of encryption is used?
>> What method of authentication is used?
>> What is the recommended way of separation for the corosync network? VLAN?
>
> Your first three questions are probably well-answered by
> https://github.com/fghaas/corosync/blob/master/SECURITY
>
This is thirteen years old file which is not present in the current
corosync sources. I hesitate to use it as the answer to anything
*today*. If it is still relevant, why it was removed?
> For the fourth, I agree with Jan Friesse - a dedicated physical network is
> best; a dedicated VLAN is second best.
>
>
> Antony.
>
More information about the Users
mailing list