[Linux-cluster] Security in CMAN

Patrick Caulfield pcaulfie at redhat.com
Mon Dec 12 08:27:09 UTC 2005


guanxun mu wrote:
> IMO, there's a lack of security checks in the cman join/leave mechanism;
> that means an aborative UDP packet makes the cluster untrusted. If there's
> a manageable authorization password input through proc entries, a wrongly
> configured node or a cracker without the cluster-extension authorized
> word will not bother the cluster message passing. A simple memcmp
> call at the beginning of process_message will out sight of load.

Don't run the cluster over an interface that's open to the internet.

It's true that the security extras in cman are pretty much non-existent
though, I grant you.
-- 

patrick



