[ClusterLabs] Antw: [EXT] Re: corosync 2.4.4 version provide secure the communication by default
Ulrich Windl
Ulrich.Windl at rz.uni-regensburg.de
Mon Jan 23 06:51:51 EST 2023
>>> Jan Friesse <jfriesse at redhat.com> wrote on 23.01.2023 at 10:20 in message
<d0e27873-4249-0bab-fc24-b97130555fef at redhat.com>:
> Hi,
>
> On 23/01/2023 01:37, S Sathish S via Users wrote:
>> Hi Team,
>>
>> Does corosync version 2.4.4 provide a mechanism to secure the communication path
>> between nodes of a cluster by default? Because in our configuration secauth is
>> turned off, but the communication that occurs is still encrypted.
>>
>> Note: I captured a tcpdump for port 5405 and I can see that the data is already
>> garbled and not in the clear.
>
> It's a binary protocol, so don't expect a really readable format (like
> xml/json/...). But with your config it should be unencrypted. You can
> check for the message "notice [TOTEM ] Initializing transmit/receive security
> (NSS) crypto: none hash: none" during start of corosync.
Probably a good example of "a false feeling of security" (you think the communication is encrypted, while in fact it is not).
>
> Regards,
> Honza
>
>
>>
>> [root at node1 ~]# cat /etc/corosync/corosync.conf
>> totem {
>>     version: 2
>>     cluster_name: OCC
>>     secauth: off
>>     transport: udpu
>> }
>>
>> nodelist {
>>     node {
>>         ring0_addr: node1
>>         nodeid: 1
>>     }
>>
>>     node {
>>         ring0_addr: node2
>>         nodeid: 2
>>     }
>>
>>     node {
>>         ring0_addr: node3
>>         nodeid: 3
>>     }
>> }
>>
>> quorum {
>>     provider: corosync_votequorum
>> }
>>
>> logging {
>>     to_logfile: yes
>>     logfile: /var/log/cluster/corosync.log
>>     to_syslog: no
>>     timestamp: on
>> }
>>
>> Thanks and Regards,
>> S Sathish S
>>
>>
>> _______________________________________________
>> Manage your subscription:
>> https://lists.clusterlabs.org/mailman/listinfo/users
>>
>> ClusterLabs home: https://www.clusterlabs.org/
>>
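An added example, not part of the original messages and not ClusterLabs code: a shell check that reads the `secauth` setting from the `totem` section and the TOTEM security line corosync logs at startup, so the verdict comes from corosync itself rather than from how a tcpdump looks. The function names are hypothetical, and the demo log line uses a constructed timestamp around the message quoted in the thread.

```shell
#!/bin/sh
# Added example: decide from config and startup log whether totem traffic is protected.
# Function names are hypothetical; demo inputs are constructed from the thread.

# Print the value of KEY from the top-level totem { } section of a corosync.conf.
totem_option() {   # usage: totem_option CONF KEY
    awk -v key="$2" '
        /^[ \t]*#/      { next }                  # skip comments
        index($0, "{")  { depth++                 # a section opens
                          if (depth == 1) in_totem = ($0 ~ /^[ \t]*totem[ \t]*[{]/)
                          next }
        index($0, "}")  { depth--; next }         # a section closes
        in_totem && depth == 1 && index($0, ":") {
            k = substr($0, 1, index($0, ":") - 1)
            v = substr($0, index($0, ":") + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v                 # nested interface { } keys are ignored
        }
        END { print val }
    ' "$1"
}

# Print "<cipher> <hash>" from the last TOTEM security line in a corosync log.
totem_security() { # usage: totem_security LOGFILE
    sed -n 's/.*Initializing transmit\/receive security ([^)]*) crypto: \([^ ]*\) hash: \([^ ]*\).*/\1 \2/p' "$1" | tail -n 1
}

# Classify the state corosync reported for the running instance.
totem_verdict() {  # usage: totem_verdict LOGFILE
    case "$(totem_security "$1")" in
        "")          echo "unknown" ;;            # security line not found in this log
        "none none") echo "cleartext" ;;          # no encryption, no authentication
        "none "*)    echo "authenticated-only" ;; # hash set, payload still readable
        *)           echo "encrypted" ;;
    esac
}

# Demo on constructed copies of the config and log message from the thread.
demo_dir=$(mktemp -d)
printf 'totem {\n version: 2\n cluster_name: OCC\n secauth: off\n transport: udpu\n}\n' > "$demo_dir/corosync.conf"
printf 'Jan 23 10:00:00 notice  [TOTEM ] Initializing transmit/receive security (NSS) crypto: none hash: none\n' > "$demo_dir/corosync.log"
echo "secauth=$(totem_option "$demo_dir/corosync.conf" secauth) wire=$(totem_verdict "$demo_dir/corosync.log")"
```

On a real node, point the functions at `/etc/corosync/corosync.conf` and the `logfile` path from the `logging` section.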