Hi, Would like to understand how secure is the corosync authkey. As the authkey is a binary file, how is the private key saved inside the authkey?
Corosync uses symmetric encryption, so there is no public certificate. authkey = private key
What safeguard mechanisms are in place if the private key is compromised?
No safeguard mechanisms. Compromised authkey = problem.
For e.g I don't think it uses any temporary session key which refreshes periodically.
Exactly
Is it possible to dynamically update the key without causing any outage?
Nope Regards, Honza
-Thanks Nikhil _______________________________________________ Users mailing list: Users@clusterlabs.org http://clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
_______________________________________________ Users mailing list: Users@clusterlabs.org http://clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
