[Linux-ha-dev] Heartbeat authentication [was Re: Heartbeat 0.45 experiences]
Crispin Cowan
crispin@cse.ogi.edu
Tue, 19 Oct 1999 23:19:36 +0000
Alan Robertson wrote:
> The authentication was added to prevent an outside computer from being
> accepted as a cluster member by the cluster itself, and thereby obtaining the
> rights and privileges that go with that. It is believed that it will also
> make it somewhat more difficult for an outside computer to disrupt
> intracluster communications.
Thanks! That does clarify the intent.
> I haven't been worried about things I didn't create (like old holes).
A very reasonable philosophy for a project whose main aim is not security. All too
many projects don't even do that :-(
So it's my understanding that the nodes keep sending each other "I know a secret, and
here's a hash of the secret" packets, and the "secret" in question is a key shared
among all the nodes. There's something interesting going on with the way you're using
crypto hashes, but I haven't thought about it very carefully.
Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
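
Added example, not part of the original message and not Heartbeat's own code or wire format: a sketch of the scheme discussed above, where every node holds one shared key and each heartbeat carries a keyed hash that the receiver recomputes. The packet layout, the use of HMAC-SHA1, the sequence-number check, and all names below are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample key; in the scheme described, every cluster node holds the same one.
CLUSTER_KEY = b"constructed-shared-cluster-key"


def sign_heartbeat(key: bytes, node: str, seq: int) -> bytes:
    """Build a heartbeat whose tag is a keyed hash over the whole body.

    The key itself never travels on the wire; only the tag does.
    """
    body = f"node={node};seq={seq}".encode()
    tag = hmac.new(key, body, hashlib.sha1).hexdigest().encode()
    return body + b";auth=" + tag


class Receiver:
    """Accepts heartbeats only from senders that hold the shared key."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}  # highest sequence number accepted per node

    def accept(self, packet: bytes) -> str:
        body, sep, tag = packet.rpartition(b";auth=")
        if not sep:
            return "malformed"
        expected = hmac.new(self.key, body, hashlib.sha1).hexdigest().encode()
        # Constant-time comparison, so timing does not leak how much of a tag matched.
        if not hmac.compare_digest(expected, tag):
            return "bad-auth"
        # Parse fields only after the tag verifies, so unauthenticated input
        # never reaches the parser.
        fields = dict(item.split("=", 1) for item in body.decode().split(";"))
        node, seq = fields["node"], int(fields["seq"])
        # A captured packet still carries a valid tag; the sequence check is
        # what stops it from being accepted a second time (assumed addition).
        if seq <= self.last_seq.get(node, -1):
            return "replay"
        self.last_seq[node] = seq
        return "ok"


if __name__ == "__main__":
    rx = Receiver(CLUSTER_KEY)
    pkt = sign_heartbeat(CLUSTER_KEY, "node1", 1)
    print(rx.accept(pkt))                                        # member
    print(rx.accept(pkt))                                        # same packet again
    print(rx.accept(sign_heartbeat(b"outsider", "node1", 2)))    # wrong key
```

Because the tag covers the body, changing any field of a captured packet invalidates it; a bare hash of the secret alone would be identical in every packet and would give a receiver nothing to bind to the message.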