AUTHKEYS(5) Configuration Files AUTHKEYS(5)NAME
authkeys - Authentication file for the Heartbeat cluster messaging layer
DESCRIPTION
/etc/ha.d/authkeys is read by heartbeat(8). It enables Heartbeat to securely authenticate cluster nodes.
This file must not be readable or writable by any users other than root.
FILE FORMAT
Two lines are required in the authkeys file:
1. A line which says which key to use in signing outgoing packets
2. One or more lines defining how incoming packets might be being signed.
The file must follow the following format:
auth num
num method secret
num method secret
num method secret
...
num is a numerical identifier, between 1 and 15 inclusive. It must be unique within the file.
method is one of the available authentication signature methods (see below for supported methods).
secret is an alphanumerical shared secret used to identify cluster nodes to each other.
auth num selects the currently active authentication method and secret.
SUPPORTED SIGNATURE METHODS
The following signature methods are supported in authkeys (listed here in alphabetical order):
md5
MD5 hash method. This method requires a shared secret.
sha1
SHA-1 hash method. This method requires a shared secret.
crc
Cyclic Redundancy Check hash method. This method does not require a shared secret and is insecure; it's use is strongly discouraged.
An absolutely up-to-date list of authentication methods supported may be retrieved by running ls /usr/lib/heartbeat/plugins/HBauth/*.so.
AUTHORS
Alan Robertson <alanr@unix.sh>
heartbeat, original Wiki page
Florian Haas <florian.haas@linbit.com>
man page
Heartbeat 3.0.5 24 Nov 2009 AUTHKEYS(5)
Check Out this Related Man Page
HEARTBEAT(8) System administration utilitie HEARTBEAT(8)NAME
heartbeat - Heartbeat subsystem for High-Availability Linux
DESCRIPTION
heartbeat is a basic heartbeat subsystem for Linux-HA. It will run scripts at initialisation, and when machines go up or down. This version
will also perform IP address takeover using gratuitous ARPs. It works correctly for a 2-node configuration, and is extensible to larger
configurations.
It implements the following kinds of heartbeats:
o UDP/IP broadcast;
o UDP/IP multicast;
o UDP/IP unicast;
o Bidirectional Serial Rings ("raw" serial ports) -- this type is deprecated and should no longer be used;
o special "ping" heartbeats for routers, etc. -- this type has been superseded by functionality in pacemaker() and should no longer be
used.
Comprehensive documentation on heartbeat is available in the Heartbeat User's Guide. If this documentation is not installed on your system,
it can be found at http://linux-ha.org/.
OPTIONS
The following options are supported by heartbeat:
-d
Increment debugging level. Higher levels are more verbose.
-r
Reload heartbeat. This option is functionally identical to sending a running heartbeat process a HUP signal. If the configuration has
not changed, then this option is essentially a no-op. If ha.cf(5) or authkeys(5) has changed, then heartbeat will re-read these files
and update its configuration.
This option may not be used together with -R.
-k
Kill (stop) heartbeat.
-s
Report heartbeat status.
-R
Heartbeat restart exec flag (internal use only). May not be used with -r.
-C
Heartbeat current resource state for restart (internal use only). Only valid with -R.
-V
Print out heartbeat version.
Note that most of these options are used for supporting the heartbeat init script, which provides the conventional start, stop, status and
restart options (among others). It is recommended to use this rather than invoking the heartbeat command directly.
SEE ALSO ha.cf(5), authkeys(5)AUTHORS
Alan Robertson <alanr@unix.sh>
heartbeat
Juan Pedro Paredes Caballero <juampe@retemail.es>
man page
Simon Horman <horms@verge.net.au>
man page
Florian Haas <florian.haas@linbit.com>
man page
Heartbeat 3.0.5 24 Nov 2009 HEARTBEAT(8)