[Linux-cluster] Security in CMAN

Patrick Caulfield pcaulfie at redhat.com
Mon Dec 12 08:27:09 UTC 2005

guanxun mu wrote:
> IMO, there're lack security check in cman join/leave mechanism, that's
> means a aborative udp packet made the cluster untrusted, if there's a
> manageable authorization password input through proc entries, the wrong
> configured node or the cracker without the cluster-extension authorized
> word will not bother the cluster message passing. a simple memcmp
> calling in the beginning of process_message will out sight of load.  

Don't run the cluster over an interface that's open to the internet.

It's true that the security extras in cman are pretty much non-existant
though, I grant you.


More information about the Linux-cluster mailing list