>>> Jan Friesse <jfrie...@redhat.com> wrote on 23.01.2023 at 15:54 in
>>> message <c8633c5c-453c-9062-9ea3-5a97f1a01...@redhat.com>:
> On 23/01/2023 12:51, Ulrich Windl wrote:
>>>>> Jan Friesse <jfrie...@redhat.com> wrote on 23.01.2023 at 10:20 in
>>>>> message <d0e27873-4249-0bab-fc24-b97130555...@redhat.com>:
>>> Hi,
>>>
>>> On 23/01/2023 01:37, S Sathish S via Users wrote:
>>>> Hi Team,
>>>>
>>>> corosync 2.4.4 version provide mechanism to secure the communication path
>>>> between nodes of a cluster by default? bcoz in our configuration secauth is
>>>> turned off but still communication occur is encrypted.
>>>>
>>>> Note : Capture tcpdump for port 5405 and I can see that the data is already
>>>> garbled and not in the clear.
>>>
>>> It's binary protocol so don't expect some really readable format (like
>>> xml/json/...). But with your config it should be unencrypted. You can
>>> check message "notice [TOTEM ] Initializing transmit/receive security
>>> (NSS) crypto: none hash: none" during start of corosync.
>>
>> Probably a good example for "a false feeling of security" (you think the
>> communication is encrypted, while in fact it is not).
>
> Yeah, "none" and "none" is definitively "false feeling of security" and
> definitively suggest communication is encrypted. Sigh...

I meant "looking at the bytes on the network", not at the tool's output...

>
>>>
>>> Regards,
>>> Honza
>>>
>>>>
>>>> [root@node1 ~]# cat /etc/corosync/corosync.conf
>>>> totem {
>>>>     version: 2
>>>>     cluster_name: OCC
>>>>     secauth: off
>>>>     transport: udpu
>>>> }
>>>>
>>>> nodelist {
>>>>     node {
>>>>         ring0_addr: node1
>>>>         nodeid: 1
>>>>     }
>>>>
>>>>     node {
>>>>         ring0_addr: node2
>>>>         nodeid: 2
>>>>     }
>>>>
>>>>     node {
>>>>         ring0_addr: node3
>>>>         nodeid: 3
>>>>     }
>>>> }
>>>>
>>>> quorum {
>>>>     provider: corosync_votequorum
>>>> }
>>>>
>>>> logging {
>>>>     to_logfile: yes
>>>>     logfile: /var/log/cluster/corosync.log
>>>>     to_syslog: no
>>>>     timestamp: on
>>>> }
>>>>
>>>> Thanks and Regards,
>>>> S Sathish S
>>>>
>>>> _______________________________________________
>>>> Manage your subscription:
>>>> https://lists.clusterlabs.org/mailman/listinfo/users
>>>>
>>>> ClusterLabs home: https://www.clusterlabs.org/
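
The check suggested in the thread (read the TOTEM startup line instead of judging by how the captured bytes look), as an added example that is not part of the original messages or of corosync itself. The function names, the timestamps on the sample log lines and the second sample line (`aes256`/`sha1`) are constructed for illustration; the totem section and the `crypto: none hash: none` message are the ones quoted above.

```python
import re

# Startup line quoted in the thread; it names the cipher and hash in effect.
INIT_RE = re.compile(r"\[TOTEM\s*\]\s+Initializing transmit/receive security "
                     r"\(\w+\) crypto: (\S+) hash: (\S+)")

def totem_settings(conf_text):
    """Key/value pairs set directly inside the totem { } section."""
    settings, stack = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())      # entering a section
        elif line == "}":
            if stack:
                stack.pop()                      # leaving a section
        elif ":" in line and stack == ["totem"]:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip()
    return settings

def running_crypto(log_text):
    """(cipher, hash) from the most recent startup line, or None if absent."""
    found = INIT_RE.findall(log_text)
    return found[-1] if found else None

def assess(conf_text, log_text):
    """Combine what the config sets explicitly with what corosync logged."""
    cfg = totem_settings(conf_text)
    explicit = {k: cfg[k] for k in ("secauth", "crypto_cipher", "crypto_hash") if k in cfg}
    state = running_crypto(log_text)
    if state is None:
        verdict = "unknown"              # no startup line captured: do not guess
    elif state == ("none", "none"):
        verdict = "cleartext"            # binary framing only, no confidentiality
    elif state[0] == "none":
        verdict = "authenticated-only"   # hash set, payload still unencrypted
    else:
        verdict = "encrypted"
    return {"configured": explicit, "running": state, "verdict": verdict}

# totem section from the thread (nodelist shortened); log lines are constructed samples
CONF = ("totem {\n  version: 2\n  cluster_name: OCC\n  secauth: off\n  transport: udpu\n}\n"
        "nodelist {\n  node {\n    ring0_addr: node1\n    nodeid: 1\n  }\n}\n")
LOG_OFF = "Jan 23 01:30:00 notice  [TOTEM ] Initializing transmit/receive security (NSS) crypto: none hash: none\n"
LOG_ON = "Jan 23 02:00:00 notice  [TOTEM ] Initializing transmit/receive security (NSS) crypto: aes256 hash: sha1\n"

if __name__ == "__main__":
    print(assess(CONF, LOG_OFF))
    print(assess(CONF, LOG_ON))
```
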