authkeys — Authentication file for the Heartbeat cluster messaging layer
/etc/ha.d/authkeys is read by
heartbeat(8). It enables Heartbeat to
securely authenticate cluster nodes.
This file must not be readable or writable by any users other than root.
Two lines are required in the authkeys file:
  - A line which says which key to use in signing outgoing packets.
  - One or more lines defining how incoming packets may be signed.
The file must have the following format:

    auth num
    num method secret
    num method secret
    num method secret
    ...

num is a numerical identifier,
between 1 and 15 inclusive. It must be unique within the
file.
method is one of the available
authentication signature methods (see below for supported
methods).
secret is an alphanumerical
shared secret used to identify cluster nodes to each other.
auth num selects
the currently active authentication method and secret.
The following signature methods are supported in
authkeys (listed here in alphabetical
order):
md5
    MD5 hash method. This method requires a shared secret.
sha1
    SHA-1 hash method. This method requires a shared secret.
crc
    Cyclic Redundancy Check hash method. This method does not require a shared secret and is insecure; its use is strongly discouraged.
An up-to-date list of the supported authentication methods
may be retrieved by running ls
/usr/lib/heartbeat/plugins/HBauth/*.so.
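
The rules above (root-only access, a unique num between 1 and 15, a method from the list, a secret for md5 and sha1, and an auth line that selects a defined key) can be checked mechanically. The following Python checker is an added example, not part of Heartbeat; its function names and sample content are constructed, and it assumes that blank lines and lines beginning with # are ignored.

```python
import re, stat

NEED_SECRET = {"md5", "sha1"}      # methods that require a shared secret
METHODS = NEED_SECRET | {"crc"}    # methods listed on this page
SAMPLE = "auth 2\n1 sha1 ConstructedSecretOnly\n2 crc\n"   # constructed input

def _num(s):
    return int(s) if re.fullmatch(r"[0-9]{1,2}", s) else None

def check_perms(mode, uid):
    """Only root may read or write the file (pass os.stat() fields)."""
    out = ["file is not owned by root"] if uid != 0 else []
    if stat.S_IMODE(mode) & 0o077:
        out.append("file is accessible to group or others")
    return out

def check_text(text):
    """Check authkeys content against the format described above."""
    out, keys, active = [], {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        f = raw.split()
        if not f or f[0].startswith("#"):   # assumption: blanks and # comments skipped
            continue
        if f[0] == "auth":
            active.append(_num(f[1]) if len(f) == 2 else None)
            continue
        k, method = _num(f[0]), (f[1] if len(f) > 1 else "")
        if k is None or not 1 <= k <= 15:
            out.append(f"line {n}: num must be between 1 and 15")
        elif k in keys:
            out.append(f"line {n}: num {k} is not unique")
        else:
            keys[k] = method
        if method not in METHODS:
            out.append(f"line {n}: unknown method {method!r}")
        elif method in NEED_SECRET and len(f) < 3:
            out.append(f"line {n}: {method} requires a shared secret")
    if len(active) != 1 or active[0] is None:
        out.append("exactly one well-formed 'auth num' line is required")
    elif active[0] not in keys:
        out.append(f"auth {active[0]} selects an undefined key")
    elif keys[active[0]] == "crc":
        out.append("active method is crc, which is insecure")
    return out

if __name__ == "__main__":
    for problem in check_perms(0o100644, 0) + check_text(SAMPLE):
        print(problem)
```

For a real file, pass the st_mode and st_uid fields of os.stat("/etc/ha.d/authkeys") to check_perms and the file's contents to check_text.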