'\" t .\" Title: authkeys .\" Author: Alan Robertson .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 24 Nov 2009 .\" Manual: Configuration Files .\" Source: Heartbeat 3.0.6 .\" Language: English .\" .TH "AUTHKEYS" "5" "24 Nov 2009" "Heartbeat 3.0.6" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" authkeys \- Authentication file for the Heartbeat cluster messaging layer .SH "DESCRIPTION" .PP /etc/ha\&.d/authkeys is read by \fBheartbeat\fR(8)\&. It enables Heartbeat to securely authenticate cluster nodes\&. .PP This file must not be readable or writable by any users other than root\&. .SH "FILE FORMAT" .PP Two lines are required in the authkeys file: .sp .RS 4 .ie n \{\ \h'-04' 1.\h'+01'\c .\} .el \{\ .sp -1 .IP " 1." 4.2 .\} A line which says which key to use in signing \fIoutgoing\fR packets .RE .sp .RS 4 .ie n \{\ \h'-04' 2.\h'+01'\c .\} .el \{\ .sp -1 .IP " 2." 4.2 .\} One or more lines defining how \fIincoming\fR packets might be being signed\&. .RE .PP The file must follow the following format: .sp .if n \{\ .RS 4 .\} .nf \fBauth\fR \fInum\fR \fInum\fR \fImethod\fR \fIsecret\fR \fInum\fR \fImethod\fR \fIsecret\fR \fInum\fR \fImethod\fR \fIsecret\fR \&.\&.\&. .fi .if n \{\ .RE .\} .PP \fInum\fR is a numerical identifier, between 1 and 15 inclusive\&. It must be unique within the file\&. .PP \fImethod\fR is one of the available authentication signature methods (see below for supported methods)\&. .PP \fIsecret\fR is an alphanumerical shared secret used to identify cluster nodes to each other\&. .PP \fBauth\fR \fInum\fR selects the currently active authentication method and secret\&. .SH "SUPPORTED SIGNATURE METHODS" .PP The following signature methods are supported in authkeys (listed here in alphabetical order): .PP \fBmd5\fR .RS 4 MD5 hash method\&. This method requires a shared secret\&. .RE .PP \fBsha1\fR .RS 4 SHA\-1 hash method\&. This method requires a shared secret\&. .RE .PP \fBcrc\fR .RS 4 Cyclic Redundancy Check hash method\&. This method does not require a shared secret and is insecure; it\*(Aqs use is strongly discouraged\&. .RE .PP An absolutely up\-to\-date list of authentication methods supported may be retrieved by running \fBls \fR\fB/usr/lib/heartbeat/plugins/HBauth/*\&.so\fR\&. .SH "AUTHORS" .PP \fBAlan Robertson\fR <\&alanr@unix\&.sh\&> .RS 4 heartbeat, original Wiki page .RE .PP \fBLars Ellenberg\fR <\&lars\&.ellenberg@linbit\&.com\&> .RS 4 Heartbeat Maintainer; code fixes; documentation updates .RE .PP \fBFlorian Haas\fR <\&florian\&.haas@linbit\&.com\&> .RS 4 man page .RE