Man Linux: Main Page and Category List

NAME

       authkeys - Authentication file for the Heartbeat cluster messaging
       layer

DESCRIPTION

       /etc/ha.d/authkeys is read by heartbeat(8). It enables Heartbeat to
       securely authenticate cluster nodes.

       This file must not be readable or writable by any users other than
       root.

FILE FORMAT

       Two lines are required in the authkeys file:

        1. A line which says which key to use in signing outgoing packets

        2. One or more lines defining how incoming packets might be being
           signed.

       The file must follow the following format:

           auth num
           num method secret
           num method secret
           num method secret
           ...

       num is a numerical identifier, between 1 and 15 inclusive. It must be
       unique within the file.

       method is one of the available authentication signature methods (see
       below for supported methods).

       secret is an alphanumerical shared secret used to identify cluster
       nodes to each other.

       auth num selects the currently active authentication method and secret.

SUPPORTED SIGNATURE METHODS

       The following signature methods are supported in authkeys (listed here
       in alphabetical order):

       md5
           MD5 hash method. This method requires a shared secret.

       sha1
           SHA-1 hash method. This method requires a shared secret.

       crc
           Cyclic Redundancy Check hash method. This method does not require a
           shared secret and is insecure; it's use is strongly discouraged.

       An absolutely up-to-date list of authentication methods supported may
       be retrieved by running ls /usr/lib/heartbeat/plugins/HBauth/*.so.

AUTHORS

       Alan Robertson <alanr@unix.sh>
           heartbeat, original Wiki page

       Florian Haas <florian.haas@linbit.com>
           man page