AUTHKEYS(5)
NAME
authkeys - Authentication file for the Heartbeat cluster messaging
layer
DESCRIPTION
/etc/ha.d/authkeys is read by heartbeat(8). It enables Heartbeat to
securely authenticate cluster nodes.
This file must not be readable or writable by any users other than
root.
FILE FORMAT
Two lines are required in the authkeys file:
1. A line which says which key to use in signing outgoing packets.
2. One or more lines defining how incoming packets might be signed.
The file must follow the following format:
auth num
num method secret
num method secret
num method secret
...
- num is a numerical identifier, between 1 and 15 inclusive. It must be unique within the file.
- method is one of the available authentication signature methods (see below for supported methods).
- secret is an alphanumerical shared secret used to identify cluster nodes to each other.
- auth num selects the currently active authentication method and secret.
SUPPORTED SIGNATURE METHODS
The following signature methods are supported in authkeys (listed here
in alphabetical order):
- md5
  MD5 hash method. This method requires a shared secret.
- sha1
  SHA-1 hash method. This method requires a shared secret.
- crc
  Cyclic Redundancy Check hash method. This method does not require a shared secret and is insecure; its use is strongly discouraged.

An absolutely up-to-date list of the supported authentication methods may
be retrieved by running ls /usr/lib/heartbeat/plugins/HBauth/*.so.
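
One way to check an authkeys file against the permission, format and method rules above, as an added example that is not part of Heartbeat or of the original man page. The function names are hypothetical, the method list is only the three named on this page, and skipping blank lines and # comment lines is an assumption.

```python
import os

# Methods named on this man page; an installation may ship other plugins.
KNOWN_METHODS = {"md5", "sha1", "crc"}
# Constructed sample: a crc key and a duplicate number 2; secrets are placeholders.
SAMPLE = "auth 2\n1 crc\n2 sha1 PlaceholderSecretA\n2 md5 PlaceholderSecretB\n"

def check_authkeys(text, mode=0o600, uid=0):
    """Return a list of problems in authkeys content and file metadata."""
    problems = []
    if mode & 0o066:
        problems.append("file is readable or writable by group or others")
    if uid != 0:
        problems.append("file is not owned by root")
    active, keys = None, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):  # assumption: comments
            continue
        if fields[0] == "auth":
            if len(fields) != 2 or not fields[1].isdecimal():
                problems.append(f"line {lineno}: malformed auth line")
            else:
                active = int(fields[1])
            continue
        if not fields[0].isdecimal() or not 1 <= int(fields[0]) <= 15:
            problems.append(f"line {lineno}: key number must be 1 to 15")
            continue
        num = int(fields[0])
        method = fields[1] if len(fields) > 1 else ""
        if num in keys:
            problems.append(f"line {lineno}: duplicate key number {num}")
        if method not in KNOWN_METHODS:
            problems.append(f"line {lineno}: unknown method {method!r}")
        elif method == "crc":
            problems.append(f"line {lineno}: crc uses no shared secret and is insecure")
        elif len(fields) < 3:
            problems.append(f"line {lineno}: {method} requires a shared secret")
        keys[num] = method
    if active is None:
        problems.append("no 'auth num' line selects the active key")
    elif active not in keys:
        problems.append(f"auth {active} refers to an undefined key")
    return problems

def check_file(path="/etc/ha.d/authkeys"):
    # Reads the permission bits and owner from the file itself.
    st = os.stat(path)
    with open(path) as fh:
        return check_authkeys(fh.read(), st.st_mode & 0o777, st.st_uid)
```

check_file() has to run as root, because a correctly protected authkeys file is unreadable to anyone else.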
AUTHORS
- Alan Robertson <alanr@unix.sh>
  heartbeat, original Wiki page
- Florian Haas <florian.haas@linbit.com>
  man page