>>> Jan Friesse <jfrie...@redhat.com> wrote on 23.01.2023 at 10:20 in
>>> message <d0e27873-4249-0bab-fc24-b97130555...@redhat.com>:
> Hi,
>
> On 23/01/2023 01:37, S Sathish S via Users wrote:
>> Hi Team,
>>
>> Does corosync version 2.4.4 provide a mechanism to secure the communication
>> path between nodes of a cluster by default? Because in our configuration
>> secauth is turned off, but the communication that occurs is still encrypted.
>>
>> Note: I captured a tcpdump for port 5405 and I can see that the data is
>> already garbled and not in the clear.
>
> It's a binary protocol, so don't expect some really readable format (like
> xml/json/...). But with your config it should be unencrypted. You can
> check the message "notice [TOTEM ] Initializing transmit/receive security
> (NSS) crypto: none hash: none" during start of corosync.

Probably a good example for "a false feeling of security" (you think the communication is encrypted, while in fact it is not).

>
> Regards,
> Honza
>
>>
>> [root@node1 ~]# cat /etc/corosync/corosync.conf
>> totem {
>>     version: 2
>>     cluster_name: OCC
>>     secauth: off
>>     transport: udpu
>> }
>>
>> nodelist {
>>     node {
>>         ring0_addr: node1
>>         nodeid: 1
>>     }
>>
>>     node {
>>         ring0_addr: node2
>>         nodeid: 2
>>     }
>>
>>     node {
>>         ring0_addr: node3
>>         nodeid: 3
>>     }
>> }
>>
>> quorum {
>>     provider: corosync_votequorum
>> }
>>
>> logging {
>>     to_logfile: yes
>>     logfile: /var/log/cluster/corosync.log
>>     to_syslog: no
>>     timestamp: on
>> }
>>
>> Thanks and Regards,
>> S Sathish S
>>
>> _______________________________________________
>> Manage your subscription:
>> https://lists.clusterlabs.org/mailman/listinfo/users
>>
>> ClusterLabs home: https://www.clusterlabs.org/
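
Added example (not part of the original thread and not corosync project code): the check Honza describes, done against the log instead of a packet capture. It reads the effective cipher and hash from the most recent TOTEM startup line and lists the explicit security keys in the totem section; the function names and the sample log prefixes are constructed for illustration, only the message text and the totem settings come from the thread.

```python
import re

# Matches the startup message quoted in the thread; any prefix (timestamp, host) is ignored.
TOTEM_RE = re.compile(
    r"\[TOTEM\s*\]\s+Initializing transmit/receive security \(([^)]+)\)"
    r"\s+crypto:\s*(\S+)\s+hash:\s*(\S+)")

def effective_crypto(log_text):
    """Cipher/hash from the most recent corosync start in the log, or None."""
    matches = TOTEM_RE.findall(log_text)
    if not matches:
        return None
    backend, cipher, digest = matches[-1]  # a restart may have changed the settings
    return {"backend": backend, "cipher": cipher, "hash": digest}

def totem_security_keys(conf_text):
    """Explicit secauth/crypto_* keys in the top-level totem { } section."""
    stack, found = [], {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        elif ":" in line and stack == ["totem"]:
            key, value = (p.strip() for p in line.split(":", 1))
            if key in ("secauth", "crypto_cipher", "crypto_hash"):
                found[key] = value
    return found

def assess(conf_text, log_text):
    """Report configured vs. effective state; None means no startup line was found."""
    eff = effective_crypto(log_text)
    return {
        "configured": totem_security_keys(conf_text),
        "effective": eff,
        "encrypted": None if eff is None else eff["cipher"] != "none",
        "authenticated": None if eff is None else eff["hash"] != "none",
    }

# totem section as posted in the thread; log lines constructed around the quoted message
SAMPLE_CONF = "totem {\nversion: 2\ncluster_name: OCC\nsecauth: off\ntransport: udpu\n}\n"
SAMPLE_LOG = (
    "Jan 23 09:00:01 [1201] node1 corosync notice  [TOTEM ] Initializing transmit/receive security (NSS) crypto: aes256 hash: sha1\n"
    "Jan 23 09:40:12 [1877] node1 corosync notice  [TOTEM ] Initializing transmit/receive security (NSS) crypto: none hash: none\n")

if __name__ == "__main__":
    print(assess(SAMPLE_CONF, SAMPLE_LOG))
```

With the sample input the later startup line wins, so the result reports the cluster traffic as neither encrypted nor authenticated, matching `secauth: off`.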