Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default

Jan Friesse Mon, 23 Jan 2023 01:25:30 -0800

Hi,

On 23/01/2023 01:37, S Sathish S via Users wrote:

Hi Team,


corosync 2.4.4 version provide mechanism to secure the communication path 
between nodes of a cluster by default? bcoz in our configuration secauth is 
turned off but still communication occur is encrypted.

Note : Capture tcpdump for port 5405 and I can see that the data is already 
garbled and not in the clear.

It's binary protocol so don't expect some really readable format (likexml/json/...). But with your config it should be unencrypted. You cancheck message "notice [TOTEM ] Initializing transmit/receive security(NSS) crypto: none hash: none" during start of corosync.


Regards,
  Honza


[root@node1 ~]# cat /etc/corosync/corosync.conf
totem {
     version: 2
     cluster_name: OCC
    secauth: off
     transport: udpu
}

nodelist {
     node {
         ring0_addr: node1
         nodeid: 1
     }

     node {
         ring0_addr: node2
         nodeid: 2
     }

     node {
         ring0_addr: node3
         nodeid: 3
     }
}

quorum {
     provider: corosync_votequorum
}

logging {
     to_logfile: yes
     logfile: /var/log/cluster/corosync.log
     to_syslog: no
     timestamp: on
}

Thanks and Regards,
S Sathish S


_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default

Reply via email to